CVE-2024-42469

9.8 CRITICAL

📋 TL;DR

This vulnerability in openHAB's CometVisu add-on allows unauthenticated attackers to overwrite files via path traversal. If shell scripts are overwritten and later executed, this can lead to remote code execution. All openHAB instances using CometVisu versions before 4.2.1 are affected.

💻 Affected Systems

Products:
  • openHAB with CometVisu add-on
Versions: All versions before 4.2.1
Operating Systems: All platforms running openHAB
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations with CometVisu add-on enabled. openHAB core is not vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠 Likely Case

File system corruption, denial of service, or privilege escalation if shell scripts are overwritten.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent external access.

🌐 Internet-Facing: HIGH - Unauthenticated access makes this easily exploitable from the internet.
🏢 Internal Only: HIGH - Even internal attackers can exploit this without authentication.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

No authentication required and path traversal is straightforward. Attackers only need network access to the openHAB instance.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.2.1

Vendor Advisory: https://github.com/openhab/openhab-webui/security/advisories/GHSA-f729-58x4-gqgf

Restart Required: Yes

Instructions:

1. Update openHAB to the latest version.
2. Update the CometVisu add-on to version 4.2.1 or higher.
3. Restart the openHAB service.
4. Verify the update was successful.

🔧 Temporary Workarounds

Disable CometVisu add-on (platform: all)

Temporarily disable the vulnerable CometVisu visualization add-on:

openhab-cli stop
# remove or disable the CometVisu add-on in addons.cfg
openhab-cli start

Network isolation (platform: linux)

Restrict network access to the openHAB instance (replace trusted_network with your trusted source range; the ACCEPT rule must precede the DROP rule):

iptables -A INPUT -p tcp --dport 8080 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j DROP

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the openHAB instance
  • Monitor file system changes in openHAB directories and alert on unauthorized modifications

🔍 How to Verify

Check if Vulnerable:

Check the CometVisu version in the openHAB add-ons list. If the version is below 4.2.1, the system is vulnerable.

Check Version:

Check the openHAB add-ons configuration file or the web interface for the CometVisu version.

Verify Fix Applied:

Confirm CometVisu version is 4.2.1 or higher in openHAB add-ons configuration.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access to CometVisu endpoints
  • File modification attempts in openHAB directories
  • Unusual file write operations

Network Indicators:

  • HTTP requests to CometVisu file endpoints without authentication
  • Multiple file upload attempts

SIEM Query:

source="openhab" AND (uri_path="/cometvisu/*" AND http_method="POST") AND user="-"
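The indicators above (unauthenticated writes to CometVisu endpoints, traversal sequences in file paths) can be checked offline against an access log. This is an added example, not code from the page or from openHAB; it assumes a simplified combined-log-style line format (adjust the regex to your real log source) and uses the /cometvisu/ prefix from the SIEM query; the endpoint names and log lines are constructed placeholders.

```python
import re
from urllib.parse import unquote

# One constructed log line: client, user ("-" = unauthenticated), method, path, status.
# This is NOT openHAB's real log format; adapt LINE_RE to your source.
LINE_RE = re.compile(r'^(?P<client>\S+) (?P<user>\S+) "(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3})$')

WRITE_METHODS = {"POST", "PUT"}
COMETVISU_PREFIX = "/cometvisu/"   # taken from the page's SIEM query; adjust if your deployment differs

def fully_decode(path: str) -> str:
    """Percent-decode repeatedly so double-encoded sequences (e.g. %252e) are not missed."""
    for _ in range(3):
        new = unquote(path)
        if new == path:
            break
        path = new
    return path

def has_traversal(path: str) -> bool:
    """True if any path or query segment of the decoded URL is exactly '..'."""
    segments = re.split(r'[/\\?&=]', fully_decode(path))
    return ".." in segments

def scan_log(text: str) -> list:
    """Return (client, method, path, reason) tuples for lines matching the indicators."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        path, user, method = m["path"], m["user"], m["method"]
        reasons = []
        if fully_decode(path).startswith(COMETVISU_PREFIX) and method in WRITE_METHODS and user == "-":
            reasons.append("unauthenticated write to CometVisu endpoint")
        if has_traversal(path):
            reasons.append("path traversal sequence in request")
        if reasons:
            hits.append((m["client"], method, path, "; ".join(reasons)))
    return hits

# Constructed sample lines; '/cometvisu/upload' is a placeholder endpoint name, not the real one.
SAMPLE_LOG = """\
10.0.0.5 - "POST /cometvisu/upload?name=..%2F..%2Fconf%2Fscripts%2Fx.sh HTTP/1.1" 200
10.0.0.5 - "GET /cometvisu/index.html HTTP/1.1" 200
10.0.0.9 admin "POST /rest/items/Light1 HTTP/1.1" 200
10.0.0.7 - "PUT /cometvisu/%252e%252e/%252e%252e/x.sh HTTP/1.1" 201
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```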
