CVE-2024-32461

7.1 HIGH

📋 TL;DR

This SQL injection vulnerability in LibreNMS allows authenticated users with global read privileges to execute arbitrary SQL commands via the package parameter in the search endpoint. Attackers can exploit this to extract sensitive data like administrator credentials from the database. Only LibreNMS versions prior to 24.4.0 are affected.

💻 Affected Systems

Products:
  • LibreNMS
Versions: All versions prior to 24.4.0
Operating Systems: Any OS running LibreNMS
Default Config Vulnerable: ⚠️ Yes
Notes: Exploitation requires a user with global read privileges. Default installations may have such users.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to credential theft, data exfiltration, and potential privilege escalation to full system control.

🟠 Likely Case

Extraction of administrator credentials and sensitive monitoring data, leading to unauthorized access and potential lateral movement.

🟢 If Mitigated

Limited impact if proper network segmentation and least privilege access controls are implemented.

🌐 Internet-Facing: HIGH if a vulnerable version is exposed to the internet, as authenticated users can exploit it.
🏢 Internal Only: HIGH, as authenticated internal users can exploit it to gain elevated privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but uses simple SQL injection techniques. Time-based blind SQL injection allows data extraction.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 24.4.0

Vendor Advisory: https://github.com/librenms/librenms/security/advisories/GHSA-cwx6-cx7x-4q34

Restart Required: No

Instructions:

1. Back up your LibreNMS installation and database.
2. Update to version 24.4.0 or later using your package manager or git pull.
3. Run ./daily.sh to update the database schema if needed.
4. Verify the fix by checking the version and testing the vulnerable endpoint.

🔧 Temporary Workarounds

Restrict Access to Search Endpoint

all

Block or restrict access to the vulnerable /search/search=packages endpoint via web server configuration or firewall rules.

# Apache:
<Location "/search/search=packages">
    Require all denied
</Location>

# Nginx:
location /search/search=packages {
    deny all;
}

Remove Global Read Privileges

all

Review and remove global read privileges from non-administrative users to limit attack surface.

# Check current privileges in LibreNMS admin panel
# Remove unnecessary global read permissions

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate LibreNMS from critical systems
  • Enforce principle of least privilege by reviewing and minimizing user permissions

🔍 How to Verify

Check if Vulnerable:

Check LibreNMS version. If version is below 24.4.0, the system is vulnerable. Also verify if any users have global read privileges.

Check Version:

cd /opt/librenms && git describe --tags 2>/dev/null || grep 'version' includes/vars.php

Verify Fix Applied:

After updating to 24.4.0+, verify the version and test that SQL injection attempts on the /search/search=packages endpoint no longer work.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple requests to /search/search=packages with SQL-like parameters
  • Time-delayed responses from search endpoint

Network Indicators:

  • POST requests to /search/search=packages with SQL injection payloads
  • Unusual outbound database connections from web server

SIEM Query:

source="web_access.log" AND uri="/search/search=packages" AND (param="package" AND value MATCHES "(?i)(SELECT|UNION|SLEEP|WAITFOR|BENCHMARK)")
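
The log indicators and SIEM query above, applied to access-log lines as an added Python example (not part of the original advisory or of LibreNMS). It assumes a combined-format access log with the request time appended and the package parameter visible in the logged request target (POST bodies are not in access logs by default); the thresholds, helper names and sample lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumed layout: combined access log with the request time (seconds) appended.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "[^"]*" (?P<rt>[\d.]+)$')
# Keyword list taken from the SIEM query; \b avoids hits on words like "selector".
SQL_WORDS = re.compile(r'(?i)\b(SELECT|UNION|SLEEP|WAITFOR|BENCHMARK)\b')
ENDPOINT = "/search/search=packages"
SLOW_SECONDS = 3.0  # assumed threshold for a "time-delayed" response
BURST = 3           # assumed threshold for "multiple requests" from one client

def scan(lines):
    """Return (alerts, noisy_clients); an alert is (line_no, ip, reasons)."""
    alerts, per_ip = [], Counter()
    for n, line in enumerate(lines, 1):
        m = LINE.match(line.strip())
        url = urlsplit(m["target"]) if m else None
        if url is None or not url.path.startswith(ENDPOINT):
            continue
        # parse_qs URL-decodes values, so percent-encoded keywords still match.
        values = parse_qs(url.query, keep_blank_values=True).get("package", [])
        reasons = []
        if any(SQL_WORDS.search(v) for v in values):
            reasons.append("sql-keyword")
        if float(m["rt"]) >= SLOW_SECONDS:
            reasons.append("slow-response")
        if reasons:
            alerts.append((n, m["ip"], reasons))
            per_ip[m["ip"]] += 1
    return alerts, sorted(ip for ip, c in per_ip.items() if c >= BURST)

def _line(ip, target, rt):  # builds one constructed log line in the assumed layout
    return (f'{ip} - - [12/Apr/2024:10:00:00 +0000] "GET {target} HTTP/1.1" '
            f'200 512 "-" "test-agent" {rt}')
# Constructed sample input, not taken from a real system.
SAMPLE = [
    _line("10.0.0.5", "/search/search=packages/?package=openssl", "0.041"),
    _line("10.0.0.9", "/search/search=packages/?package=a%27+AND+SLEEP%285%29", "5.012"),
    _line("10.0.0.9", "/search/search=packages/?package=a%27+AND+SLEEP%285%29", "5.008"),
    _line("10.0.0.9", "/search/search=packages/?package=a%27+UNION+SELECT+1", "0.050"),
    _line("10.0.0.7", "/search/search=packages/?package=selector", "0.030"),
    _line("10.0.0.8", "/devices", "6.200"),
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A slow response alone is a weak signal on a busy server, so the per-client count is what separates a run of probes from one slow page load.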
