CVE-2024-32480

7.2 HIGH

📋 TL;DR

This SQL injection vulnerability in LibreNMS allows attackers to manipulate database queries through the 'order' parameter, potentially extracting entire database contents. All LibreNMS instances running versions before 24.4.0 are affected. The vulnerability stems from insufficient input validation before SQL statement concatenation.

💻 Affected Systems

Products:
  • LibreNMS
Versions: All versions prior to 24.4.0
Operating Systems: Any OS running LibreNMS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise including sensitive configuration data, user credentials, and network monitoring information leading to full system takeover.

🟠 Likely Case

Data exfiltration of sensitive information including device credentials, network topology, and user data.

🟢 If Mitigated

Limited impact with proper input validation and database permissions restricting query execution.

🌐 Internet-Facing: HIGH - Internet-facing instances are directly exploitable without authentication.
🏢 Internal Only: MEDIUM - Internal instances still vulnerable but require network access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection via HTTP parameters requires minimal technical skill. No authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 24.4.0

Vendor Advisory: https://github.com/librenms/librenms/security/advisories/GHSA-jh57-j3vq-h438

Restart Required: No

Instructions:

1. Back up your LibreNMS installation and database.
2. Update to version 24.4.0 or later using git: 'git pull origin master'.
3. Run database updates: './daily.sh'.
4. Verify the update completed successfully.

🔧 Temporary Workarounds

Input Validation Filter

all

Add input validation for the 'order' parameter to restrict to allowed values only

Modify PHP code to validate 'order' parameter against whitelist of allowed column names

Web Application Firewall

all

Deploy WAF rules to block SQL injection patterns in HTTP requests

Configure WAF to detect and block SQL injection patterns in URL parameters

🧯 If You Can't Patch

  • Restrict network access to LibreNMS instances using firewall rules
  • Run LibreNMS with a database user that has minimal permissions (read-only where possible)

🔍 How to Verify

Check if Vulnerable:

Check the LibreNMS version with "grep 'version' /opt/librenms/includes/vars.php" or via the web interface at /ajax_output.php?type=version

Check Version:

grep -F "\$config['version']" /opt/librenms/includes/vars.php

Verify Fix Applied:

Confirm version is 24.4.0 or later and check commit 83fe4b10c440d69a47fe2f8616e290ba2bd3a27c is present

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple requests with 'order' parameter containing SQL keywords

Network Indicators:

  • HTTP requests with SQL injection patterns in 'order' parameter

SIEM Query:

source="web_access.log" AND ("order=SELECT" OR "order=UNION" OR "order=--" OR "order=/*")
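
The log indicator above, as an added detection example (not LibreNMS code and not part of the advisory): it URL-decodes each 'order' value in an access log and flags anything that is not a plain sort key, which also catches encoded and mixed-case values that the literal SIEM query misses. Assumptions: the parameter appears in the logged query string (POST bodies are normally not logged), a benign value is a column name with an optional ASC/DESC, and the sample log lines and the /example path are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: a benign 'order' value is a column name, optionally
# table-qualified, with an optional ASC/DESC direction.
SAFE_ORDER = re.compile(
    r"[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?(\s+(asc|desc))?", re.I)
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Literal substrings from the SIEM query on this page, treated here as
# case-sensitive substring matches (an assumption; SIEM products differ).
SIEM_LITERALS = ("order=SELECT", "order=UNION", "order=--", "order=/*")

def suspicious_order_values(log_lines):
    """Return (line_number, decoded_value) for 'order' values that are not a plain sort key."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue  # not a request line we can parse
        # parse_qsl percent-decodes values and turns '+' into a space
        for key, value in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
            if key.lower() == "order" and value and not SAFE_ORDER.fullmatch(value.strip()):
                hits.append((n, value))
    return hits

def literal_query_hits(log_lines):
    """Line numbers that the literal substring query would match."""
    return [n for n, line in enumerate(log_lines, 1)
            if any(lit in line for lit in SIEM_LITERALS)]

# Constructed access-log lines (combined format); path and values are illustrative.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/May/2024:10:00:01 +0000] "GET /example?order=hostname%20desc HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/May/2024:10:00:02 +0000] "GET /example?order=UNION%20SELECT%201 HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/May/2024:10:00:03 +0000] "GET /example?page=2&order=uNiOn+sElEcT+1 HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/May/2024:10:00:04 +0000] "GET /example?order=%2D%2D HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/May/2024:10:00:05 +0000] "GET /example?order=devices.sysName HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    print("allowlist check:", suspicious_order_values(SAMPLE_LOG))
    print("literal query  :", literal_query_hits(SAMPLE_LOG))
```

Tune SAFE_ORDER to the sort keys your deployment actually sends before alerting on it, since any legitimate value outside the pattern will be flagged.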
