CVE-2026-27728
OneUptime · OneUptime
An OS command injection vulnerability in OneUptime allows authenticated users to execute arbitrary commands on the Probe server via the monitor destination field.
Executive summary
Authenticated users can achieve full remote code execution on OneUptime Probe servers by exploiting a command injection vulnerability in the traceroute functionality.
Vulnerability
The vulnerability exists in the NetworkPathMonitor.performTraceroute() function, which fails to properly sanitize shell metacharacters in the destination field. This allows an authenticated project user to inject and execute arbitrary operating system commands on the underlying Probe server.
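One way to close this class of flaw, shown as an added example that is not OneUptime's code or its actual patch: validate the destination against a strict allowlist, then pass it as a single argv element to execFile so that no shell ever parses it. It goes slightly beyond the advisory by also rejecting values that begin with a hyphen, which would otherwise be read as traceroute options. Assumptions: the function names are hypothetical, the Probe host's traceroute accepts -m and -w, and the IPv6 branch is a conservative character check rather than a full parser.

```javascript
// Added example; function names are hypothetical, not OneUptime source.
const LABEL = /^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/;

// Accept only a hostname, IPv4 or IPv6 literal; return null for anything else.
function parseDestination(input) {
  if (typeof input !== "string") return null;
  const dest = input.trim();
  if (dest.length === 0 || dest.length > 253) return null;
  if (dest.includes(":")) {
    // IPv6 literal: hex digits and colons only, at least two colons.
    const ok = /^[0-9A-Fa-f:]{2,39}$/.test(dest) && dest.split(":").length >= 3;
    return ok ? dest : null;
  }
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(dest)) {
    // IPv4 literal: every octet must be 0-255.
    return dest.split(".").every((o) => Number(o) <= 255) ? dest : null;
  }
  // Hostname: dot-separated letter/digit/hyphen labels, so no spaces, quotes,
  // ;, |, &, $, or backticks. Labels cannot start with "-" (no option injection).
  return dest.split(".").every((l) => LABEL.test(l)) ? dest : null;
}

// Build the argument vector; the destination is always one discrete element.
function buildTracerouteArgv(input) {
  const dest = parseDestination(input);
  if (dest === null) throw new Error("invalid traceroute destination");
  return ["-m", "30", "-w", "2", dest];
}

// execFile spawns the binary directly: no shell, so no metacharacter parsing.
async function runTraceroute(input) {
  const { execFile } = await import("node:child_process");
  const argv = buildTracerouteArgv(input);
  return new Promise((resolve, reject) => {
    execFile("traceroute", argv, { timeout: 60000 }, (err, stdout) =>
      err ? reject(err) : resolve(stdout));
  });
}

// Constructed sample inputs: three legitimate targets, four hostile strings.
const SAMPLES = ["example.com", "192.0.2.10", "2001:db8::1",
  "example.com; id", "$(id)", "-h", "a`id`.example"];
function rejectedSamples() {
  return SAMPLES.filter((s) => parseDestination(s) === null);
}
```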
Business impact
A successful exploit allows an attacker to take complete control of the Probe server, potentially using it as a pivot point to attack other internal network resources. This leads to a total loss of confidentiality, integrity, and availability for the affected monitoring infrastructure. The CVSS score of 9.9 reflects the critical risk of authenticated remote code execution.
Remediation
Immediate Action: Upgrade OneUptime to version 10.0.7 or later to patch the command injection flaw.
Proactive Monitoring: Inspect Probe server logs for suspicious shell commands or unusual outbound network connections originating from the monitoring service.
Compensating Controls: Use containerization to isolate the Probe service and implement strict AppArmor or SELinux profiles to limit the commands the service can execute.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Remote code execution vulnerabilities in monitoring tools are particularly dangerous as these tools often have broad network access. Immediate patching is required to secure the Probe servers and prevent lateral movement within the corporate network.