CVE-2018-18478 Libre NMS 1.43 - Stored Cross-Site Scripting
LibreNMS is an autodiscovering PHP/MySQL/SNMP-based network monitoring system that supports a wide range of network hardware and operating systems, including Cisco, Linux, FreeBSD, Juniper, Brocade, Foundry, HP and many more.
📅 Discovered by Javier Olmedo on 08/09/2018
💣 Public disclosure on 19/10/2018
🔗 Software link Libre NMS
🐞 Vulnerable version = 1.43 and possibly older
Impact
- Perfect situation for (spear) phishing
- We may auto redirect users to another page after they have entered their credentials, so it doesn’t look suspicious (by using top.location.href)
- Attack visitors by embedding http://beefproject.com/
- Allows an attacker to perform clickjacking attacks
Proof Of Concept
- In the main panel, click New Dashboard (+)
- Enter "<script>alert('PoC CVE-2018-18478')</script>" as the payload in the name field
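The payload runs because the stored dashboard name reaches the page without HTML encoding. The PHP below is an added illustration, not LibreNMS code and not the patch from the linked pull request: the function names and the markup are hypothetical, and the sample names are constructed (the PoC string above plus a benign name). It renders a stored name first unencoded and then with output encoding.

```php
<?php
// Added illustration; not LibreNMS source. Function names and markup are hypothetical.

// Vulnerable pattern: the stored name is concatenated into HTML unchanged,
// so markup saved in the name field is parsed by every viewer's browser.
function render_dashboard_link_unsafe(int $id, string $name): string
{
    return '<a href="?dashboard=' . $id . '" title="' . $name . '">' . $name . '</a>';
}

// Encode at output time. ENT_QUOTES covers both quote styles, so the value is
// safe in element text and in quoted attributes; ENT_SUBSTITUTE replaces
// invalid UTF-8 sequences instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_dashboard_link_safe(int $id, string $name): string
{
    return '<a href="?dashboard=' . $id . '" title="' . e($name) . '">' . e($name) . '</a>';
}

// Constructed sample names: the PoC string from this page and a benign name
// containing quotes and an ampersand that must survive encoding intact.
$samples = [
    "<script>alert('PoC CVE-2018-18478')</script>",
    'Bob\'s "core" routers & switches',
];

foreach ($samples as $name) {
    $unsafe = render_dashboard_link_unsafe(1, $name);
    $safe   = render_dashboard_link_safe(1, $name);

    // A raw "<script" in the output means the browser would treat it as markup.
    $unsafeHasTag = stripos($unsafe, '<script') !== false;
    $safeHasTag   = stripos($safe, '<script') !== false;

    // Encoding must be lossless: decoding gives back the stored name.
    $roundTrip = htmlspecialchars_decode(e($name), ENT_QUOTES) === $name;

    printf("unsafe raw tag: %s | safe raw tag: %s | lossless: %s\n",
        var_export($unsafeHasTag, true),
        var_export($safeHasTag, true),
        var_export($roundTrip, true));
    echo $safe, "\n";
}
```

Encoding at output rather than stripping characters on input keeps the stored name unchanged, so names already saved before a fix are also rendered inert.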
More info
https://github.com/librenms/librenms/issues/9170
https://github.com/librenms/librenms/pull/9171
https://github.com/librenms/librenms/releases/tag/1.44
Timeline
08/09/2018 Discovered
08/09/2018 Bug reported via GitHub issue
16/10/2018 Patched
18/08/2018 CVE requested
19/10/2018 Public disclosure
Reference
https://hackpuntes.com/cve-2018-18478-libre-nms-1-43-cross-site-scripting-persistente/