CVE-2024-32480 - Vulnerability Details - OpenCVE

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resulting in a SQL injection vulnerability. An attacker may extract a whole database this way. Version 24.4.0 fixes the issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Librenms	Librenms

Configuration 1 [-]

cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/librenms/librenms/commit/83fe4b10c440d69a47fe2f8616e290ba2bd3a27c
https://github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438

History

Thu, 02 Jan 2025 22:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Librenms Librenms librenms
CPEs		cpe:2.3:a:librenms:librenms::::::::
Vendors & Products		Librenms Librenms librenms

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-04-22T22:10:50.221Z

Updated: 2024-08-02T02:13:39.173Z

Reserved: 2024-04-12T19:41:51.168Z

Link: CVE-2024-32480

Vulnrichment

Updated: 2024-08-02T02:13:39.173Z

NVD

Status : Analyzed

Published: 2024-04-22T23:15:50.440

Modified: 2025-01-02T21:38:11.383

Link: CVE-2024-32480

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-32480", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-04-12T19:41:51.168Z", "datePublished": "2024-04-22T22:10:50.221Z", "dateUpdated": "2024-08-02T02:13:39.173Z"}, "containers": {"cna": {"title": "LibreNMS's Time-Based Blind SQL injection leads to database extraction", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "lang": "en", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438"}, {"name": "https://github.com/librenms/librenms/commit/83fe4b10c440d69a47fe2f8616e290ba2bd3a27c", "tags": ["x_refsource_MISC"], "url": "https://github.com/librenms/librenms/commit/83fe4b10c440d69a47fe2f8616e290ba2bd3a27c"}], "affected": [{"vendor": "librenms", "product": "librenms", "versions": [{"version": "< 24.4.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-22T22:10:50.221Z"}, "descriptions": [{"lang": "en", "value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resulting in a SQL injection vulnerability. An attacker may extract a whole database this way. Version 24.4.0 fixes the issue."}], "source": {"advisory": "GHSA-jh57-j3vq-h438", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-32480", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-23T00:21:00.605841Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*"], "vendor": "librenms", "product": "librenms", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:51:12.018Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:13:39.173Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438"}, {"name": "https://github.com/librenms/librenms/commit/83fe4b10c440d69a47fe2f8616e290ba2bd3a27c", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/librenms/librenms/commit/83fe4b10c440d69a47fe2f8616e290ba2bd3a27c"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438", "name": "https://github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/librenms/librenms/commit/83fe4b10c440d69a47fe2f8616e290ba2bd3a27c", "name": "https://github.com/librenms/librenms/commit/83fe4b10c440d69a47fe2f8616e290ba2bd3a27c", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:13:39.173Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-32480", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-23T00:21:00.605841Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*"], "vendor": "librenms", "product": "librenms", "versions": [{"status": "affected", "version": "*"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-23T00:20:30.618Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "LibreNMS's Time-Based Blind SQL injection leads to database extraction", "source": {"advisory": "GHSA-jh57-j3vq-h438", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "librenms", "product": "librenms", "versions": [{"status": "affected", "version": "< 24.4.0"}]}], "references": [{"url": "https://github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438", "name": "https://github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/librenms/librenms/commit/83fe4b10c440d69a47fe2f8616e290ba2bd3a27c", "name": "https://github.com/librenms/librenms/commit/83fe4b10c440d69a47fe2f8616e290ba2bd3a27c", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resulting in a SQL injection vulnerability. An attacker may extract a whole database this way. Version 24.4.0 fixes the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-22T22:10:50.221Z"}}}, "cveMetadata": {"cveId": "CVE-2024-32480", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:13:39.173Z", "dateReserved": "2024-04-12T19:41:51.168Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-04-22T22:10:50.221Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*", "matchCriteriaId": "4176B8A1-4185-477D-B978-63C96B4352B3", "versionEndExcluding": "24.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resulting in a SQL injection vulnerability. An attacker may extract a whole database this way. Version 24.4.0 fixes the issue."}, {"lang": "es", "value": "LibreNMS es un sistema de monitoreo de red de c\u00f3digo abierto basado en PHP/MySQL/SNMP. Las versiones anteriores a la 24.4.0 son vulnerables a la inyecci\u00f3n SQL. El par\u00e1metro `order` se obtiene de `$request`. Despu\u00e9s de realizar una verificaci\u00f3n de cadena, el valor se incorpora directamente a una declaraci\u00f3n SQL y se concatena, lo que genera una vulnerabilidad de inyecci\u00f3n SQL. Un atacante puede extraer una base de datos completa de esta manera. La versi\u00f3n 24.4.0 soluciona el problema."}], "id": "CVE-2024-32480", "lastModified": "2025-01-02T21:38:11.383", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-22T23:15:50.440", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/librenms/librenms/commit/83fe4b10c440d69a47fe2f8616e290ba2bd3a27c"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/librenms/librenms/commit/83fe4b10c440d69a47fe2f8616e290ba2bd3a27c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}