CVE-2024-51740
📋 TL;DR
This vulnerability in Combodo iTop allows low-privileged users to make the server issue HTTP requests of their choosing, a server-side request forgery (SSRF). It affects iTop installations running vulnerable versions of the user portal form manager; users of those versions are at risk.
💻 Affected Systems
- Combodo iTop
📦 What is this software?
iTop by Combodo
⚠️ Risk & Real-World Impact
Worst Case
An attacker could use SSRF to access internal services, perform port scanning, or interact with cloud metadata services to escalate privileges or steal sensitive data.
Likely Case
Low-privileged users could probe internal network services, potentially discovering other vulnerable systems or accessing limited internal resources.
If Mitigated
With proper network segmentation and least-privilege access controls, impact would be limited to the iTop server's network perspective only.
🎯 Exploit Status
Exploitation requires authenticated low-privileged access and knowledge of the vulnerable form manager component.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.7.11, 3.0.5, 3.1.2, or 3.2.0 depending on your version
Vendor Advisory: https://github.com/Combodo/iTop/security/advisories/GHSA-w9g8-mxm5-ph62
Restart Required: Yes
Instructions:
1. Identify your current iTop version.
2. Back up your iTop installation and database.
3. Download the appropriate patched version from the official iTop repository.
4. Follow iTop's upgrade documentation for your version.
5. Restart the web server service.
🧯 If You Can't Patch
- Restrict low-privileged user access to the iTop user portal if not required.
- Implement network controls to limit the iTop server's outbound HTTP connections to only necessary services.
🔍 How to Verify
Check if Vulnerable:
Check your iTop version in the application interface or by examining the installation directory. Compare against affected versions.
Check Version:
Check the iTop web interface admin panel or examine the 'config-itop.php' file for version information.
Verify Fix Applied:
After upgrading, verify that the version shown in the iTop interface is the patched release for your branch (2.7.11, 3.0.5, 3.1.2, or 3.2.0) or higher.
📡 Detection & Monitoring
Log Indicators:
- Unusual HTTP requests originating from the iTop server IP
- Multiple failed connection attempts to internal services from iTop
Network Indicators:
- HTTP traffic from iTop server to unexpected internal IPs or services
- Port scanning patterns originating from iTop server
SIEM Query:
source="iTop_logs" AND (http_request OR outbound_connection) AND NOT destination IN [allowed_services]
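A detection check in the spirit of the SIEM query above, written here as an added example (not part of the advisory or of iTop): it applies the "outbound connection AND NOT destination IN allowed_services" rule and the port-scan indicator to egress log lines. The log format, the iTop server address 10.0.5.20 and the allow-list are constructed assumptions.

```python
from collections import defaultdict
import ipaddress

# Constructed egress log (assumed format): "<ts> src=<ip> dst=<ip> dport=<port>",
# one line per outbound connection from the iTop web server.
SAMPLE_LOG = """\
2024-11-01T10:00:01Z src=10.0.5.20 dst=10.0.5.30 dport=3306
2024-11-01T10:00:02Z src=10.0.5.20 dst=10.0.5.31 dport=389
2024-11-01T10:00:03Z src=10.0.5.20 dst=169.254.169.254 dport=80
2024-11-01T10:00:04Z src=10.0.5.20 dst=10.0.9.7 dport=22
2024-11-01T10:00:04Z src=10.0.5.20 dst=10.0.9.7 dport=80
2024-11-01T10:00:05Z src=10.0.5.20 dst=10.0.9.7 dport=443
2024-11-01T10:00:05Z src=10.0.5.20 dst=10.0.9.7 dport=8080
"""

ITOP_SERVER = "10.0.5.20"  # assumed address of the iTop host
# Assumed allow-list of (destination, port) pairs iTop legitimately needs
# (its database and LDAP directory here); everything else raises an alert.
ALLOWED = {("10.0.5.30", 3306), ("10.0.5.31", 389)}
PORT_SCAN_THRESHOLD = 3  # distinct ports to one host before flagging a scan

def parse_line(line):
    """Parse one log line into src/dst/dport; return None if malformed."""
    fields = dict(kv.split("=", 1) for kv in line.split()[1:] if "=" in kv)
    try:
        return {"src": fields["src"],
                "dst": str(ipaddress.ip_address(fields["dst"])),
                "dport": int(fields["dport"])}
    except (KeyError, ValueError):
        return None

def find_suspicious_egress(log_text, itop_ip=ITOP_SERVER, allowed=ALLOWED):
    """Alerts as (dst, dport, reason) for iTop connections outside the allow-list.

    Implements the advisory's SIEM idea (outbound connection AND NOT destination
    IN allowed_services) plus the port-scan pattern from the network indicators.
    """
    alerts = []
    ports_by_dst = defaultdict(set)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["src"] != itop_ip or (ev["dst"], ev["dport"]) in allowed:
            continue
        ports_by_dst[ev["dst"]].add(ev["dport"])
        reason = "unexpected destination"
        if ipaddress.ip_address(ev["dst"]).is_link_local:  # e.g. cloud metadata endpoint
            reason = "link-local / cloud metadata address"
        alerts.append((ev["dst"], ev["dport"], reason))
    for dst, ports in ports_by_dst.items():
        if len(ports) >= PORT_SCAN_THRESHOLD:
            alerts.append((dst, None, f"port-scan pattern ({len(ports)} ports)"))
    return alerts
```

Feed it the same egress records your firewall or proxy already sends to the SIEM; the allow-list is the mitigation from "If You Can't Patch" expressed as detection logic.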