Code Injection in librenms/librenms
CVE-2023-4977

7.3HIGH

Key Information:

Vendor: Librenms
Status: Librenms/librenms
Vendor: CVE Published:; 15 September 2023

What is CVE-2023-4977?

A code injection vulnerability has been identified in the LibreNMS software, which could allow an attacker to execute arbitrary code on systems running affected versions. This flaw, present in versions prior to 23.9.0, poses significant security risks, potentially enabling unauthorized access or manipulation of the system. Users are advised to update to the latest version to mitigate this risk. For detailed information, refer to the commit made by the LibreNMS team and related reports.

Affected Version(s)

librenms/librenms < 23.9.0

References

https://huntr.dev/bounties/3db8a1a4-ca2d-45df-be18-a959eb...

https://github.com/librenms/librenms/commit/1194934d31c79...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 15, 2023
Vulnerability Reserved
Sep 15, 2023

Librenms

What is CVE-2023-4977?

Affected Version(s)

References

CVSS V3.1

Timeline