CVE-2024-47527

7.5 HIGH

📋 TL;DR

This stored XSS vulnerability in LibreNMS allows authenticated users to inject malicious JavaScript through device names in the Device Dependencies feature. When other users view affected pages, the malicious code executes in their session context, potentially compromising their accounts. All LibreNMS instances with vulnerable versions are affected.

💻 Affected Systems

Products:
  • LibreNMS
Versions: All versions before 24.9.0
Operating Systems: Any OS running LibreNMS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access to the Device Dependencies feature.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker gains administrative privileges, modifies system configurations, steals sensitive data, or deploys ransomware across monitored infrastructure.

🟠 Likely Case

Attackers hijack user sessions to perform unauthorized actions, steal credentials, or pivot to other systems in the network.

🟢 If Mitigated

With proper input validation and output encoding, the attack is prevented, though the vulnerability still exists in the codebase.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 24.9.0

Vendor Advisory: https://github.com/librenms/librenms/security/advisories/GHSA-rwwc-2v8q-gc9v

Restart Required: No

Instructions:

1. Back up your LibreNMS installation and database.
2. Update LibreNMS to version 24.9.0 or later using your preferred method (git pull, package manager, or manual update).
3. Verify the update completed successfully.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement server-side input validation to sanitize device names before storage.

Modify LibreNMS source code to add HTML entity encoding for the hostname parameter in device dependency handling.

🧯 If You Can't Patch

  • Restrict user permissions to limit who can modify device dependencies.
  • Implement a web application firewall (WAF) with XSS protection rules.

🔍 How to Verify

Check if Vulnerable:

Check if your LibreNMS version is below 24.9.0 by visiting the web interface or checking the installation directory.

Check Version:

cd /opt/librenms && ./lnms --version

Verify Fix Applied:

After updating, confirm the version is 24.9.0 or higher and test device name input for XSS payloads.

📡 Detection & Monitoring

Log Indicators:

  • Unusual device name entries containing script tags or JavaScript code in database logs or application logs.

Network Indicators:

  • HTTP requests with suspicious payloads in device name parameters to LibreNMS endpoints.

SIEM Query:

source="librenms_access.log" AND (uri="/ajax_form.php" OR uri="/device-dependencies") AND (message="*<script>*" OR message="*javascript:*")
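As an added example that is not part of this advisory: the SIEM query above, re-implemented in Python over constructed access-log lines so it can be tested offline. It goes one step beyond the literal query by URL-decoding each query parameter (repeatedly, to catch double encoding), since `<script>` arrives in an access log as `%3Cscript%3E` and a literal `*<script>*` match would miss it. The log format, usernames, hosts and sample lines are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed sample access-log lines in combined-log format; not real LibreNMS logs.
SAMPLE_LOG = """\
10.0.0.5 - admin [12/Sep/2024:10:01:02 +0000] "POST /ajax_form.php?type=device-dependency&hostname=core-sw01 HTTP/1.1" 200 512
10.0.0.7 - alice [12/Sep/2024:10:02:15 +0000] "GET /device/5/device-dependencies HTTP/1.1" 200 2048
10.0.0.9 - bob [12/Sep/2024:10:03:40 +0000] "POST /ajax_form.php?type=device-dependency&hostname=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512
10.0.0.9 - bob [12/Sep/2024:10:04:01 +0000] "POST /ajax_form.php?type=device-dependency&hostname=javascript%3Aalert(1) HTTP/1.1" 200 512
10.0.0.9 - bob [12/Sep/2024:10:04:30 +0000] "POST /ajax_form.php?type=device-dependency&hostname=%253Cscript%253Ealert(2)%253C%252Fscript%253E HTTP/1.1" 200 512
10.0.0.3 - carol [12/Sep/2024:10:05:00 +0000] "GET /devices HTTP/1.1" 200 4096
"""

# Endpoints and indicators taken from the SIEM query above.
WATCHED_PATHS = ("/ajax_form.php", "/device-dependencies")
INDICATORS = re.compile(r"<script|javascript:", re.IGNORECASE)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)

def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded values still surface as <script>."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_access_log(text):
    """Return one finding per query parameter on a watched path that carries an indicator."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not any(p in parts.path for p in WATCHED_PATHS):
            continue
        # parse_qsl decodes one layer; decode_fully handles any further layers.
        for name, raw in parse_qsl(parts.query, keep_blank_values=True):
            value = decode_fully(raw)
            hit = INDICATORS.search(value)
            if hit:
                findings.append({"ip": m.group("ip"), "user": m.group("user"),
                                 "path": parts.path, "param": name,
                                 "value": value, "indicator": hit.group(0).lower()})
    return findings
```

A web-server access log records only the query string, so a hostname submitted in a POST body is invisible here; cover that case with a proxy or application log that records request bodies.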
