Vulnerability Details CVE-2017-16759
The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.5%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
References
- https://blog.librenms.org/2017/08/22/librenms-security-fix-during-the-installation-process/
- https://github.com/librenms/librenms/commit/7887b2e1c7158204ac69ca43beafce66e4d3a3b4
- https://github.com/librenms/librenms/commit/d3094fa6578b29dc34fb5a7d0bd6deab49ecc911
- https://github.com/librenms/librenms/pull/7184
- https://blog.librenms.org/2017/08/22/librenms-security-fix-during-the-installation-process/
- https://github.com/librenms/librenms/commit/7887b2e1c7158204ac69ca43beafce66e4d3a3b4
- https://github.com/librenms/librenms/commit/d3094fa6578b29dc34fb5a7d0bd6deab49ecc911
- https://github.com/librenms/librenms/pull/7184
Products affected by CVE-2017-16759
-
cpe:2.3:a:librenms:librenms:-
-
cpe:2.3:a:librenms:librenms:0.1
-
cpe:2.3:a:librenms:librenms:1.19
-
cpe:2.3:a:librenms:librenms:1.20
-
cpe:2.3:a:librenms:librenms:1.20.1
-
cpe:2.3:a:librenms:librenms:1.21
-
cpe:2.3:a:librenms:librenms:1.22
-
cpe:2.3:a:librenms:librenms:1.22.01
-
cpe:2.3:a:librenms:librenms:1.23
-
cpe:2.3:a:librenms:librenms:1.24
-
cpe:2.3:a:librenms:librenms:1.25
-
cpe:2.3:a:librenms:librenms:1.26
-
cpe:2.3:a:librenms:librenms:1.27
-
cpe:2.3:a:librenms:librenms:1.28
-
cpe:2.3:a:librenms:librenms:1.29
-
cpe:2.3:a:librenms:librenms:1.30