Insufficient Access Control in LibreNMS Product by LibreNMS
CVE-2020-15877
8.8HIGH
What is CVE-2020-15877?
An issue found in LibreNMS versions prior to 1.65.1 reveals inadequate access control for standard users due to an incorrect implementation in route definitions. The vulnerability arises from using incorrect guard configurations, allowing unintended access to features meant solely for administrative users. It is crucial for organizations using affected versions to upgrade to version 1.65.1 or later to mitigate potential unauthorized access.
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved