CVE-2024-51092
LibreNMS · LibreNMS
LibreNMS versions prior to 24.10.0 are susceptible to OS command injection via multiple controller and polling scripts, allowing unauthenticated remote code execution.
Executive summary
A critical OS command injection vulnerability in LibreNMS allows unauthenticated remote attackers to execute arbitrary system commands, leading to full server compromise.
Vulnerability
The vulnerability resides in the AboutController.php, SettingsController.php, and PollDevice.php files, where improper input sanitization allows for OS command injection. This flaw is exploitable by an unauthenticated remote attacker.
Business impact
With a CVSS score of 9.1, this vulnerability poses a severe threat to any environment utilizing LibreNMS. Successful exploitation allows an attacker to gain full control over the host server, potentially resulting in complete data exfiltration, unauthorized modification of network monitoring data, or the use of the server as a pivot point for further network attacks.
Remediation
Immediate Action: Upgrade all instances of LibreNMS to version 24.10.0 or later to patch the vulnerable components.
Proactive Monitoring: Review web server logs for suspicious HTTP requests targeting the affected controller files and monitor for unusual outbound network traffic from the LibreNMS server.
Compensating Controls: Deploy a Web Application Firewall (WAF) with rules designed to detect and block OS command injection patterns in HTTP requests.
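To support the upgrade step above, the following added example (not LibreNMS code and not part of the original advisory) triages an inventory of reported LibreNMS version strings against the fixed release 24.10.0. The hostnames, the inventory format and the git-describe style suffix are assumptions; versions are compared numerically because a plain string comparison ranks 24.9.1 above 24.10.0.

```python
import re

FIXED = (24, 10, 0)  # first patched release, per the advisory

# Accepts "24.9.1", "v24.10.0" and git-describe style "24.9.0-35-g1a2b3c4d"
# (the suffix format is an assumption about how a git install reports itself).
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-\d+-g[0-9a-f]+)?$")


def parse_version(text):
    """Return (year, month, patch) as ints, or None if the string is unrecognised."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def triage(version_text):
    """Classify one reported version as 'vulnerable', 'patched' or 'unknown'."""
    parsed = parse_version(version_text)
    if parsed is None:
        return "unknown"  # do not guess: needs manual review
    # A development build is judged conservatively by its base tag only.
    return "patched" if parsed >= FIXED else "vulnerable"


def triage_inventory(inventory):
    """Map host -> status for a {host: version_string} inventory."""
    return {host: triage(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "nms-a.example.internal": "24.9.1",
    "nms-b.example.internal": "24.10.0",
    "nms-c.example.internal": "24.9.0-35-g1a2b3c4d",
    "nms-d.example.internal": "v24.10.1",
    "nms-e.example.internal": "master",
}

if __name__ == "__main__":
    for host, status in sorted(triage_inventory(SAMPLE).items()):
        print(f"{host:28} {SAMPLE[host]:22} {status}")
    # Plain string comparison gets the 24.9.x / 24.10.0 boundary wrong:
    print("string compare says 24.9.1 < 24.10.0:", "24.9.1" < "24.10.0")
```

Hosts reported as "unknown" should be checked by hand rather than assumed patched.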
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
This vulnerability is highly critical due to the ease of remote execution without authentication. Organizations should treat this as a top priority for patching to prevent catastrophic security breaches within their management infrastructure.