Netdata vulnerable to command injection
CVE-2023-22496
Key Information:
Badges
What is CVE-2023-22496?
Netdata, an open-source real-time infrastructure monitoring tool, contains a vulnerability that allows attackers to execute arbitrary commands on the Netdata agent. This occurs when an attacker establishes a streaming connection and triggers an alert, thereby exploiting the function health_alarm_execute. Due to improper input handling, the registry_hostname argument can be manipulated to include malicious commands. When utilized, this vulnerability enables remote execution as the user running the Netdata Agent, commonly named netdata. To mitigate this issue, ensure updates to Netdata agent version 1.37 or v1.36.0-409 are applied. Temporarily disabling the streaming feature or restricting port access to trusted connections can also help minimize exposure.
Affected Version(s)
netdata < 1.36.0-409 < 1.36.0-409
netdata < 1.37 < 1.37
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
36% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
