ROLE_REST can be used to escalate to ROLE_ADMIN via /rest/users
CVE-2023-0872

8.2HIGH

Key Information:

Vendor: The Opennms Group
Status: Horizon; Meridian
Vendor: CVE Published:; 14 August 2023

🔔 Create The Opennms Group Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2023-0872?

The Horizon REST API in OpenMNS versions 31.0.8 and earlier is exposed to a vulnerability that allows elevation of privilege through a flaw in the users endpoint. This issue necessitates an upgrade to versions 32.0.2 or newer to mitigate the risks. OpenNMS emphasizes that both Meridian and Horizon installations are meant for private networks and should not be accessible from public internet sources.

Affected Version(s)

Horizon Windows 31.0.8 < 32.0.2

Meridian Windows 2020.0.0 <= 2020.1.37

Meridian Windows 2021.0.0 <= 2021.1.29

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2023-0872
Created by Rapid7

References

https://docs.opennms.com/horizon/32/releasenotes/changelo...

https://github.com/OpenNMS/opennms/pull/6354

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Dec 13, 2023
👾
Exploit known to exist
Dec 13, 2023
Vulnerability published
Aug 14, 2023
Vulnerability Reserved
Feb 16, 2023

Credit

Erik Wynter