Vulnerability Description
An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php script. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, file content, denial of service, or writing arbitrary files.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Librenms | Librenms | <= 1.47 |
Related Weaknesses (CWE)
References
- https://www.darkmatter.ae/xen1thlabs/librenms-rrdtool-injection-vulnerability-xlExploitThird Party Advisory
- https://www.darkmatter.ae/xen1thlabs/librenms-rrdtool-injection-vulnerability-xlExploitThird Party Advisory
FAQ
What is CVE-2019-10665?
CVE-2019-10665 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validat...
How severe is CVE-2019-10665?
CVE-2019-10665 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-10665?
Check the references section above for vendor advisories and patch information. Affected products include: Librenms Librenms.