CVE-2024-40733

6.1 MEDIUM

📋 TL;DR

This CVE describes a stored cross-site scripting (XSS) vulnerability in NetBox v4.0.3: a user who can edit a front port can place script in its Name field through /dcim/front-ports/{id}/edit/, and that script runs in the browser of any other user who later views the port. Every NetBox instance on the affected version is exposed; the practical impact is actions performed inside NetBox with the victim's privileges.

💻 Affected Systems

Products:
  • NetBox
Versions: v4.0.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The advisory names the edit form /dcim/front-ports/{id}/edit/ and its Name parameter as the injection point. The same field is also written by bulk edit, CSV import and the REST API, so treat those as equivalent write paths; the script fires wherever the stored name is rendered.

📦 What is this software?

NetBox is an open-source infrastructure modeling application (IPAM and DCIM) used to document networks: sites, racks, devices, cabling, IP space, and the front and rear ports of devices and patch panels. Its data is commonly consumed by automation, so whoever controls NetBox controls what that automation believes about the network.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An administrator opens the poisoned port and attacker-controlled script runs inside their authenticated session. Django marks the session cookie HttpOnly by default, so the realistic outcome is not cookie theft but actions issued from the admin's browser: creating API tokens, changing permissions, altering device, cabling and IP data, injecting a fake login form to capture credentials, or redirecting the admin to a malicious site. That is a full compromise of the NetBox data and of any automation that trusts it.

🟠

Likely Case

An attacker holding a low-privilege account that can edit front ports stores a payload and waits for a user with broader rights to open the port. The script then uses that user's session to mint an API token or raise the attacker's own permissions, giving persistent access to the NetBox administration interface.

🟢

If Mitigated

With the Name field output-encoded when rendered (and input validation as defense in depth), the payload is displayed as harmless literal text and there is no impact.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Planting the payload requires an authenticated account with permission to change front ports; no unauthenticated path is described. The payload is stored with the port record and runs in the browser of any user who later views it, so the victim needs no interaction beyond opening the page.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v4.0.4 or later

Vendor Advisory: https://github.com/netbox-community/netbox/releases

Restart Required: Yes

Instructions:

1. Back up the PostgreSQL database and the media directory before upgrading.
2. Check out the fixed release in the install directory. NetBox is not a pip package; the supported path is the git tag or the release tarball:
   cd /opt/netbox && sudo git fetch --tags && sudo git checkout v4.0.4
3. Run the upgrade script, which installs dependencies, applies migrations and collects static files:
   sudo ./upgrade.sh
4. Restart the application and the background worker:
   sudo systemctl restart netbox netbox-rq

Container deployments replace steps 2 and 3 by pulling the netbox-docker image for the fixed release and recreating the containers.

🔧 Temporary Workarounds

Input Validation Filter

Applies to: all versions

Add server-side validation that rejects markup characters ('<', '>', quotes, '&') in the Name field. This stops new injections at save time; it does not fix the missing output encoding and does nothing about names that are already stored, so audit existing records as well. NetBox's CUSTOM_VALIDATORS setting can express such a rule in configuration.py without modifying application code.
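
One way to express that filter without touching NetBox's code, as an added example (this is not NetBox's own code or the advisory's; the CUSTOM_VALIDATORS setting and its "regex" rule are documented NetBox features, while the specific pattern, the sample names and the local name_allowed() helper are ours):

```python
import re

# Characters that can open markup or break out of an attribute. Rejecting
# them blocks new payloads at save time; this is defense in depth, not a fix,
# and it does nothing about names that are already stored.
NAME_PATTERN = r"\A[^<>\"'&]*\Z"

# Goes in netbox/netbox/configuration.py. NetBox evaluates dict rules with
# Django validators (the regex rule via RegexValidator, which uses search()),
# so the \A ... \Z anchors keep it strict. The key is app_label.modelname.
CUSTOM_VALIDATORS = {
    "dcim.frontport": [
        {
            "name": {
                "regex": NAME_PATTERN,
            },
        },
    ],
}


def name_allowed(name: str) -> bool:
    """Local mirror of the rule above so the policy can be checked outside
    NetBox. Hypothetical helper for this example, not a NetBox API."""
    return re.search(NAME_PATTERN, name) is not None


# Constructed inputs: a normal port name and three payload shapes the rule
# must refuse (a script tag, an event handler, an entity-encoded tag).
SAMPLES = {
    "FP-1/1": True,
    "<script>alert(1)</script>": False,
    '<img src=x onerror="alert(document.domain)">': False,
    "FP-1/1&#x3c;b&#x3e;": False,
}

if __name__ == "__main__":
    for name, expected in SAMPLES.items():
        print(f"{name!r}: allowed={name_allowed(name)} (expected {expected})")
```

Restart netbox and netbox-rq after editing configuration.py. Validators run only when an object is saved, so records created before the rule existed keep their current names until they are edited or cleaned up.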

Web Application Firewall (WAF)

Applies to: all versions

Deploy a WAF with XSS rules in front of NetBox and scope them to POSTs against /dcim/front-ports/. Expect bypasses: a WAF only sees the injection request, never the later rendering to victims, and generic XSS signatures are routinely evaded. Treat it as a speed bump while the patch is scheduled, not as the fix.

🧯 If You Can't Patch

  • Since injection needs the change permission on front ports, restrict dcim.change_frontport (and bulk edit and import) to trusted users through NetBox's object-based permissions; everyone else keeps view only. Network ACLs on the edit URL alone do not help, because the attacker is already an authenticated user.
  • Audit existing front port names for '<', '>' or 'on...=' fragments and clean them: a payload stored before the patch keeps firing until the record is fixed or the template escapes it.
  • Set a Content Security Policy at the reverse proxy (for example with an nginx add_header directive) to limit where injected script can be loaded from and sent to. Test it against the NetBox UI before enforcing, since a strict policy can break the interface.

🔍 How to Verify

Check if Vulnerable:

Your instance is affected if it runs NetBox v4.0.3, the only version listed. The version is printed in the footer of every NetBox page; the commands under Check Version read it without a browser. NetBox is not installed as a Python package, so importing it from an arbitrary interpreter does not work.

Check Version:

grep -E '^VERSION' /opt/netbox/netbox/netbox/settings.py
curl -s -H "Authorization: Token $NETBOX_TOKEN" https://netbox.example.com/api/status/ | grep -o '"netbox-version": "[^"]*"'

Verify Fix Applied:

After updating, confirm the version now reads 4.0.4 or later with the same commands. Then, on a non-production instance or a throwaway test device, edit a front port and set its Name to a harmless marker such as '<b>canary</b>': on the fixed version the port list and detail pages show the literal text (escaped as &lt;b&gt;canary&lt;/b&gt; in the page source) and nothing is rendered as markup. Delete the test port afterwards so the marker does not trip your own detection.
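
To make that manual check repeatable, here is an added example of ours (not code from NetBox or from the advisory): it parses the version string reported by the footer or by /api/status/, and classifies the saved HTML of a front port page after the canary name has been set. The page fragments are constructed stand-ins for real NetBox output.

```python
import html
import re

# Harmless marker: a bold tag, no script, easy to find in page source.
CANARY = "canary-<b>fp</b>"


def version_tuple(version):
    """'v4.0.3', '4.0.3' or '4.0.3-dev' -> (4, 0, 3)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised NetBox version string: {version!r}")
    return tuple(int(p) for p in m.groups())


def is_affected_version(version):
    """Only v4.0.3 is listed as affected; the fix is v4.0.4 or later."""
    return version_tuple(version) == (4, 0, 3)


def classify_render(page_html, canary=CANARY):
    """How a saved port page rendered the canary name:
    'raw'     - markup went through unencoded (still vulnerable)
    'escaped' - shown as literal text, < and > became &lt; and &gt; (fixed)
    'absent'  - the canary is not on this page at all (wrong page saved)
    """
    if canary in page_html:
        return "raw"
    if html.escape(canary, quote=False) in page_html:
        return "escaped"
    return "absent"


# Constructed fragments standing in for the saved HTML of the front port
# detail page on a vulnerable and on a fixed instance.
VULNERABLE_RENDER = '<td class="name">canary-<b>fp</b></td>'
FIXED_RENDER = '<td class="name">canary-&lt;b&gt;fp&lt;/b&gt;</td>'

if __name__ == "__main__":
    print("v4.0.3 affected:", is_affected_version("v4.0.3"))
    print("4.0.4 affected:", is_affected_version("4.0.4"))
    print("vulnerable page:", classify_render(VULNERABLE_RENDER))
    print("fixed page:", classify_render(FIXED_RENDER))
```

Save the port's detail page from a logged-in browser session (the web UI uses session authentication, not the API token) and feed its source to classify_render(); check the list view as well, since the name is rendered in more than one template.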

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /dcim/front-ports/{id}/edit/ (and to the bulk edit and import paths under /dcim/front-ports/) whose form data contains '<', 'script', 'onerror=' or 'javascript:'. Standard web server access logs record only the URL, not the POST body, so this indicator needs a reverse proxy or WAF that logs request bodies.
  • NetBox change-log entries for dcim.frontport whose post-change name contains markup. This is the reliable source: NetBox records the stored value itself, regardless of which write path produced it.
  • A burst of failed logins followed by a successful login and edits to front ports, the pattern of a brute-forced account being used to plant the payload.

Network Indicators:

  • Requests to the edit endpoint carrying markup in the name form field.
  • Outbound connections from users' workstations, not from the NetBox server (the script runs in the victim's browser), to unfamiliar hosts immediately after loading NetBox pages, for example a script load or fetch to an attacker-controlled domain.

SIEM Query:

source="netbox" AND (url="/dcim/front-ports/*/edit/" AND (param="Name" AND value="*<script>*"))

This query assumes a log source that captures POST bodies (a WAF or a reverse proxy with body logging) and exposes them as param/value fields; adapt the field names to your pipeline. Plain access logs cannot match on the Name value, and a literal "<script>" match misses event-handler and entity-encoded payloads, so the change log remains the better hunting source.
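
The following is an added detection example of ours (not from the advisory or from NetBox) that hunts over change-log records rather than access logs. The field names follow the shape of NetBox's object-change API output (changed_object_type, changed_object_id, postchange_data, user_name); the records and port list below are constructed samples. The same is_suspicious() check doubles as an audit of names already stored.

```python
import re

# Markup that has no business in a port name: a tag opener, an event-handler
# attribute, a javascript: URL, or a numeric entity used to smuggle one.
SUSPICIOUS = re.compile(
    r"<\s*/?\s*[a-z!]|\bon[a-z]+\s*=|javascript\s*:|&#x?[0-9a-f]+;?",
    re.IGNORECASE,
)


def is_suspicious(name):
    return bool(SUSPICIOUS.search(name or ""))


def scan_object_changes(records, object_types=("dcim.frontport",)):
    """Return (change id, user, object type, object id, name) for change-log
    entries whose post-change name looks like markup. Pass object_types=None
    to widen the hunt to every model that carries a name."""
    hits = []
    for rec in records:
        otype = rec.get("changed_object_type")
        if object_types is not None and otype not in object_types:
            continue
        name = (rec.get("postchange_data") or {}).get("name", "")
        if is_suspicious(name):
            hits.append((rec["id"], rec.get("user_name"), otype,
                         rec.get("changed_object_id"), name))
    return hits


def scan_current_names(objects):
    """Audit live objects (for example the results list returned for
    /api/dcim/front-ports/) for payloads stored before detection existed."""
    return [(o["id"], o["name"]) for o in objects if is_suspicious(o.get("name", ""))]


# Constructed sample records: one benign rename, two injections by the same
# account, and an unrelated model with an angle bracket that the default
# object_types filter ignores.
SAMPLE_CHANGES = [
    {"id": 101, "user_name": "alice", "action": "update",
     "changed_object_type": "dcim.frontport", "changed_object_id": 17,
     "postchange_data": {"name": "FP-1/1", "label": ""}},
    {"id": 102, "user_name": "mallory", "action": "update",
     "changed_object_type": "dcim.frontport", "changed_object_id": 17,
     "postchange_data": {"name": "FP-1/1<script src=//evil.example/x.js></script>"}},
    {"id": 103, "user_name": "mallory", "action": "create",
     "changed_object_type": "dcim.frontport", "changed_object_id": 42,
     "postchange_data": {"name": "<img src=x onerror=alert(document.domain)>"}},
    {"id": 104, "user_name": "bob", "action": "update",
     "changed_object_type": "dcim.interface", "changed_object_id": 9,
     "postchange_data": {"name": "<eth0>"}},
]

SAMPLE_PORTS = [
    {"id": 17, "name": "FP-1/1<script src=//evil.example/x.js></script>"},
    {"id": 18, "name": "FP-1/2"},
]

if __name__ == "__main__":
    for change_id, user, otype, obj_id, name in scan_object_changes(SAMPLE_CHANGES):
        print(f"change {change_id} by {user}: {otype} #{obj_id} name={name!r}")
    for obj_id, name in scan_current_names(SAMPLE_PORTS):
        print(f"stored payload on front port #{obj_id}: {name!r}")
```

Pull the records with an API token, page through the results, and group hits by user_name: a single account producing several flagged changes is the case to escalate first. Once the version is patched, the stored names still need cleaning, which is what scan_current_names() lists.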
