CVE-2019-10765

9.8 CRITICAL

📋 TL;DR

CVE-2019-10765 is a path traversal vulnerability in ioBroker.admin that allows attackers to read arbitrary files outside the intended /log/file1/ directory. This affects all systems running ioBroker.admin versions before 3.6.12. Attackers can exploit this to access sensitive system files and configuration data.

💻 Affected Systems

Products:
  • ioBroker.admin
Versions: All versions before 3.6.12
Operating Systems: All platforms running Node.js
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all default installations of vulnerable ioBroker.admin versions.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through reading sensitive files like SSH keys, passwords, or configuration files, leading to privilege escalation and lateral movement.

🟠 Likely Case

Unauthorized access to sensitive configuration files, logs, or credentials stored on the server.

🟢 If Mitigated

Limited impact with proper network segmentation and file system permissions restricting access to critical files.

🌐 Internet-Facing: HIGH - If exposed to the internet, attackers can directly exploit this without authentication.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple path traversal attack requiring minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.6.12 and later

Vendor Advisory: https://github.com/ioBroker/ioBroker.admin/commit/16b2b325ab47896090bc7f54b77b0a97ed74f5cd

Restart Required: Yes

Instructions:

1. Update ioBroker.admin to version 3.6.12 or later using npm: npm update iobroker.admin
2. Restart the ioBroker service
3. Verify the update completed successfully

🔧 Temporary Workarounds

Network Isolation (platform: all)

Restrict network access to the ioBroker.admin interface.

Use firewall rules to block external access to the ioBroker.admin port (default 8081).

File System Restrictions (platform: linux)

Apply strict file permissions to limit the directories the ioBroker process can read:

chmod 700 /path/to/sensitive/directories
chown root:root /path/to/sensitive/files

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate ioBroker systems from untrusted networks
  • Apply principle of least privilege to file system permissions and restrict ioBroker process access

🔍 How to Verify

Check if Vulnerable:

Check the installed ioBroker.admin version; any version below 3.6.12 is vulnerable:

npm list iobroker.admin | grep iobroker.admin

Verify Fix Applied:

Run the same command after updating and confirm the reported version is 3.6.12 or higher:

npm list iobroker.admin | grep iobroker.admin

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in ioBroker logs
  • Requests with ../ sequences in URL parameters

Network Indicators:

  • HTTP requests containing path traversal sequences (../, ..\) to ioBroker.admin endpoints

SIEM Query:

source="ioBroker" AND (url="*../*" OR url="*..\\*")
