LibreNMS is an open-source network monitoring tool that uses PHP, MySQL, and SNMP to keep track of various network devices. It provides an intuitive interface for network administrators to keep an eye on the performance, resources, and status of different devices on their network.
However, in this post, we will be discussing a vulnerability with a CVE ID of CVE-2024-49758, which was discovered in LibreNMS 24.10.. The vulnerability allows an attacker with admin privileges to execute arbitrary JavaScript code due to improper input sanitization of device Notes in conjunction with ExamplePlugin.
Vulnerability Details
The vulnerability arises in the handling of user input when admins add Notes to a device. Specifically, LibreNMS does not correctly sanitize the input, allowing an attacker to insert JavaScript code into the device's Notes. When the ExamplePlugin is enabled, this JavaScript code is executed, potentially leading to destructive outcomes.
The vulnerability is categorized as a Cross-Site Scripting (XSS) vulnerability, and since the attacker requires admin privileges for exploitation to be successful, it is classified as an Admin XSS vulnerability.
In the "Add Note" textbox, insert the following JavaScript code snippet (payload):
<script>alert('XSS Exploit');</script>
Save the Note and enable the ExamplePlugin if it is not enabled yet.
Navigate to the device page or reload it. The JavaScript code will be executed, in this case displaying an alert box with the message "XSS Exploit".
By following these steps, the admin XSS vulnerability is successfully exploited, proving that the application does not sanitize input properly. While this specific example is relatively harmless, more malicious actions could be taken by an attacker with this attack vector.
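To show why the steps above work and what the fix looks like, here is an added example (not LibreNMS or ExamplePlugin code) of a device-page hook that renders a device's Notes first without encoding and then with HTML output encoding; the function names and the $device array are assumptions for illustration.

```php
<?php
// Added example, not taken from LibreNMS or ExamplePlugin.
// Constructed sample device whose Note holds the payload shown above.
$device = [
    'hostname' => 'core-sw-01',
    'notes'    => "<script>alert('XSS Exploit');</script>",
];

// Vulnerable pattern: the stored Note is concatenated into the page markup
// unchanged, so a <script> element saved by an admin becomes part of the
// document and runs in every browser that opens the device page.
function renderNotesUnsafe(array $device): string
{
    return '<div class="device-notes">' . $device['notes'] . '</div>';
}

// Hardened pattern: encode the Note for an HTML text context before output.
// htmlspecialchars() turns <, >, &, " and ' into entities, so the browser
// displays the text literally and no element or script is created from it.
// (In a Blade template the equivalent is {{ $device->notes }}, which escapes,
// rather than {!! $device->notes !!}, which emits the value raw.)
function renderNotesSafe(array $device): string
{
    $escaped = htmlspecialchars($device['notes'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<div class="device-notes">' . $escaped . '</div>';
}

// Simple regression check for a test suite: no raw <script> tag may survive
// in the rendered fragment.
function containsRawScriptTag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

foreach (['unsafe' => 'renderNotesUnsafe', 'safe' => 'renderNotesSafe'] as $label => $fn) {
    $html = $fn($device);
    printf("%-6s %s\n", $label, $html);
    printf("       raw <script> present: %s\n", containsRawScriptTag($html) ? 'yes' : 'no');
}
```

The same encoding rule applies to every other place a Note is rendered (device list, widgets, plugin hooks), since escaping in one view does not protect the others.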
Remediation
As previously mentioned, this vulnerability has been patched in LibreNMS version 24.10.. To protect your system from this vulnerability, performing the following steps is highly recommended:
1. Update LibreNMS to the latest version (24.10. or above).
2. If you're using the ExamplePlugin, ensure that it's the latest version and not vulnerable to this exploit.
Upgrading to the latest version of LibreNMS should remove the underlying vulnerability, ensuring your network monitoring system is secure from this particular XSS attack.
Conclusion
CVE-2024-49758 is a critical vulnerability that exists within LibreNMS, allowing for the execution of arbitrary JavaScript code through unsanitized admin user inputs. The issue lies in the handling of device Notes when ExamplePlugin is enabled. Consequently, admins must update LibreNMS and the ExamplePlugin to ensure their system is secure from potential attacks associated with this vulnerability.
For more information about CVE-2024-49758, you can refer to the following sources:
- NIST National Vulnerability Database (NVD): https://nvd.nist.gov/vuln/detail/CVE-2024-49758
- LibreNMS GitHub Repository: https://github.com/librenms/librenms
- CVE Details: https://www.cvedetails.com/cve/CVE-2024-49758/
Timeline
Published on: 11/15/2024 16:15:34 UTC
Last modified on: 11/20/2024 14:40:36 UTC