Multiple vulnerabilities in Opsview Monitor
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2018-16148 CVE-2018-16147 CVE-2018-16146 CVE-2018-16144 CVE-2018-16145 |
| CWE-ID | CWE-79 CWE-77 CWE-264 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #5 is available. |
| Vulnerable software Subscribe |
Opsview Monitor Client/Desktop applications / Software for system administration |
| Vendor | Opsview |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Reflected cross-site scripting
EUVDB-ID: #VU14603
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-16148
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform reflected cross-site scripting (XSS) attacks.
The vulnerability exists in the 'diagnosticsb2ksy' parameter of the '/rest' endpoint due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationThe vulnerability has been fixed in the versions 5.3.1, 5.4.2, 6.0.
Vulnerable software versionsOpsview Monitor: 5.2 - 5.4
External linkshttp://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Persistent cross-site scripting
EUVDB-ID: #VU14604
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-16147
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform persistent cross-site scripting (XSS) attacks.
The vulnerability exists in the 'data' parameter of the '/settings/api/router' endpoint due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationThe vulnerability has been fixed in the versions 5.3.1, 5.4.2, 6.0.
Vulnerable software versionsOpsview Monitor: 5.2 - 5.4
External linkshttp://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Command injection
EUVDB-ID: #VU14605
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-16146
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe disclosed vulnerability allows a local administrative attacker to execute arbitrary commands on the target system.
The vulnerability exists due to the 'value' parameter is not properly sanitized. A local attacker can access a Opsview Web Management console functionality, test notifications that are triggered under certain configurable events and execute arbitrary commands with nagios' user privileges.
MitigationThe vulnerability has been fixed in the versions 5.3.1, 5.4.2, 6.0.
Vulnerable software versionsOpsview Monitor: 5.2 - 5.4
External linkshttp://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Command injection
EUVDB-ID: #VU14606
Risk: Low
CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-16144
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists in the test connection functionality due to an improper sanitization of the 'rancid_password' parameter. A remote attacker can automate the backing up of network devices' configuration files to a centralized location and execute arbitrary commands with elevated privileges.
MitigationThe vulnerability has been fixed in the versions 5.3.1, 5.4.2, 6.0.
Vulnerable software versionsOpsview Monitor: 5.2 - 5.4
External linkshttp://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Privilege escalation
EUVDB-ID: #VU14607
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-16145
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe disclosed vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to the '/etc/init.d/opsview-reporting-module' script invokes the '/opt/opsview/jasper/bin/db_jasper' script. A local attacker can cause the scripts that run at boot time to impersonate nagios user during its execution and gain elevated privileges.
MitigationThe vulnerability has been fixed in the versions 5.3.1, 5.4.2, 6.0.
Vulnerable software versionsOpsview Monitor: 5.2 - 5.4
External linkshttp://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
