CVE-2024-51496

4.8 MEDIUM

📋 TL;DR

This is a reflected cross-site scripting (XSS) vulnerability in LibreNMS that allows attackers to inject malicious JavaScript via the 'metric' parameter in wireless and health endpoints. When exploited, it can compromise user sessions and enable unauthorized actions. All LibreNMS users with vulnerable versions are affected.

💻 Affected Systems

Products:
  • LibreNMS
Versions: All versions before 24.10.0
Operating Systems: All platforms running LibreNMS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects both the wireless and health endpoints. Requires user interaction (clicking a malicious link).


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers steal admin session cookies, gain full administrative access to LibreNMS, and potentially compromise the entire monitoring system and monitored network devices.

🟠 Likely Case

Attackers steal user session cookies to impersonate legitimate users, perform unauthorized actions within LibreNMS, and potentially pivot to other systems.

🟢 If Mitigated

Limited impact due to proper input validation, output encoding, and Content Security Policy (CSP) headers preventing script execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple reflected XSS requiring the user to click a malicious link. No authentication is needed to trigger the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 24.10.0

Vendor Advisory: https://github.com/librenms/librenms/security/advisories/GHSA-28p7-f6h6-3jh3

Restart Required: No

Instructions:

1. Backup your LibreNMS installation and database.
2. Update to version 24.10.0 or later using git: 'git pull origin master'.
3. Run database updates: './lnms migrate'.
4. Clear cache: './lnms config:cache:clear'.

🔧 Temporary Workarounds

Input Validation Filter (applies to: all)

Add input validation for the metric parameter to reject malicious payloads: modify the LibreNMS source code to validate metric parameter values.

Web Application Firewall (WAF) (applies to: all)

Configure WAF rules to block XSS payloads in URL parameters: add XSS detection rules to your WAF configuration.

🧯 If You Can't Patch

  • Implement strict Content Security Policy (CSP) headers to prevent script execution
  • Use web application firewall to filter malicious metric parameter values

🔍 How to Verify

Check if Vulnerable:

Test by accessing /wireless?metric=<script>alert('test')</script> and checking whether the script executes.

Check Version:

cd /opt/librenms && git describe --tags

Verify Fix Applied:

After updating, test the same payload: the output should be HTML-encoded instead of the script executing.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests with suspicious metric parameter values containing script tags or JavaScript

Network Indicators:

  • Unusual requests to /wireless or /health endpoints with encoded payloads

SIEM Query:

source="librenms_access.log" AND (uri_path="/wireless" OR uri_path="/health") AND query_string="*metric=*script*"
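As an added example that is not part of the advisory, the following Python scan applies the indicators above to a few constructed access-log lines. Unlike the SIEM query, which only matches a literal "script" substring, it percent-decodes the metric value (repeatedly, to expose double encoding) before matching, so the encoded payloads mentioned under Network Indicators are also flagged.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (combined-log style), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Nov/2024:10:00:01 +0000] "GET /wireless?metric=clients HTTP/1.1" 200 5120
10.0.0.9 - - [01/Nov/2024:10:00:02 +0000] "GET /wireless?metric=<script>alert('test')</script> HTTP/1.1" 200 5210
10.0.0.9 - - [01/Nov/2024:10:00:03 +0000] "GET /health?metric=%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 5305
10.0.0.9 - - [01/Nov/2024:10:00:04 +0000] "GET /health?metric=%253Cscript%253E HTTP/1.1" 200 5305
10.0.0.7 - - [01/Nov/2024:10:00:05 +0000] "GET /devices?metric=<script> HTTP/1.1" 200 4000
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
WATCHED_PATHS = {"/wireless", "/health"}  # endpoints named in the advisory
# Script tags or inline JavaScript in the decoded parameter value.
PAYLOAD_RE = re.compile(r"<\s*script|javascript:|\bon[a-z]+\s*=", re.IGNORECASE)


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded payloads become visible."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_metric_values(line):
    """Return (path, decoded_value) pairs for 'metric' values that look like XSS."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    parts = urlsplit(match.group("target"))
    if parts.path not in WATCHED_PATHS:
        return []
    hits = []
    # parse_qs already strips one layer of encoding; fully_decode handles the rest.
    for raw in parse_qs(parts.query, keep_blank_values=True).get("metric", []):
        value = fully_decode(raw)
        if PAYLOAD_RE.search(value):
            hits.append((parts.path, value))
    return hits


def scan_log(text):
    """Return (client_ip, path, decoded_value) for every suspicious request."""
    alerts = []
    for line in text.splitlines():
        client_ip = line.split(" ", 1)[0]
        for path, value in suspicious_metric_values(line):
            alerts.append((client_ip, path, value))
    return alerts
```

Requests to paths the advisory does not name (the /devices line) are ignored even when they carry the same string, so tune WATCHED_PATHS if you want broader coverage.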
