CyRC Vulnerability Advisory: CVE-2023-0871 Vulnerability in OpenNMS Horizon
2023-8-15 20:0:2 Author: www.synopsys.com

Posted on Tuesday, August 15, 2023

CVE-2023-0871 is an XML External Entity injection vulnerability in OpenNMS Horizon. 

Overview

The Synopsys Cybersecurity Research Center (CyRC) has discovered CVE-2023-0871, an XML External Entity injection vulnerability, in OpenNMS Horizon.

OpenNMS is a Java-language, open-source network monitoring platform. The OpenNMS platform monitors some of the largest networks in the Fortune 500, covering the healthcare, technology, energy, finance, government, education, retail, and industrial sectors, many with tens of thousands of networked devices.

OpenNMS comes in two open source distributions: Horizon (community release) and Meridian (enterprise release) with the AGPLv3 license. Additional components enhance the platform with distributed network monitoring (Minion), scalability (Sentinel), and scalable data persistence (Newts).

CVE-2023-0871

Due to a permissive XML parser configuration, the application is vulnerable to XML External Entity injection.

Exploitation

By sending a malicious HTTP request with an XML payload, an attacker can exfiltrate files from the OpenNMS server file system or cause denial of service. The vulnerable HTTP endpoint requires credentials for a user with the RTC role.

Affected software

  • OpenNMS Horizon 0.8 and earlier versions

Impact

Exploitation of this vulnerability would lead to:

  • Data leakage (XXE: Blind Local File Inclusion)
  • Denial of service
  • Server-side request forgery – sending arbitrary HTTP requests to internal and external services

CVSS Base Score: 8.8 (High)

CVSS 3.1 Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

Data leakage is limited to single-line text files that the application process is permitted to read.

Remediation

This vulnerability was fixed in the Horizon 32.0.2 and Meridian 2023.1.6 releases.

Discovery credit

This vulnerability was discovered by Moshe Apelbaum, a SIG software engineer from Israel, using the Seeker® Interactive Application Security Testing (IAST) tool.

Timeline

  • June 22: Initial Disclosure & Confirmation of Receipt
  • August 1: OpenNMS Confirms Patch Finalized
  • August 9: OpenNMS Released Patch
  • August 15: Synopsys Published Advisory

References

https://www.opennms.com/

https://github.com/OpenMS/OpenMS

About CVSS

FIRST.Org, Inc (FIRST) is a non-profit organization based in the US that owns and manages CVSS. Membership in FIRST is not required to use or implement CVSS, but FIRST does require that any individual or organization give appropriate attribution when using CVSS. FIRST also states that any individual or organization that publishes scores should follow the guidelines so that anyone can understand how the score was calculated.



Article source: https://www.synopsys.com/blogs/software-security/cyrc-advisory-cve-2023-0871-opennms/