Virtual Event Now Live: Zero Trust Strategies Summit! - Login for Access
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Multiple Vulnerabilities Addressed in Opsview Monitor

Opsview recently addressed a series of remote code-execution, command-execution and local privilege-escalation vulnerabilities in the Opsview Monitor.

Opsview recently addressed a series of remote code-execution, command-execution and local privilege-escalation vulnerabilities in the Opsview Monitor.

A proprietary monitoring application for networks and applications, Opsview Monitor “helps DevOps teams deliver smarter business services by providing unified insight into their dynamic IT operations whether on-premises, in the cloud, or hybrid,” the company says.

The software is impacted by five vulnerabilities that could provide attackers with the ability to access the management console and execute commands on the operating system.

Discovered by Core Security researchers earlier this year, the bugs were confirmed to impact all supported versions of Opsview Monitor (5.4, 5.3 and 5.2). In addition to patches (the 5.4.2 and 5.3.1 updates) for the affected versions, Opsview also released a new product iteration that removed the issues from the start.

A virtual appliance deployed inside the organization’s network infrastructure, Opsview Monitor is bundled with a Web Management Console that allows for the monitoring and management of hosts and their services.

The first two issues found in the appliance could be abused to execute malicious JavaScript code in the context of a legitimate user. These are CVE-2018-16148, a reflected Cross-Site Scripting (XSS) in the ‘diagnosticsb2ksy’ parameter of the ‘/rest‘ endpoint, and CVE-2018-16147, a persistent XSS in the ‘data’ parameter of the ‘/settings/api/router‘ endpoint.

“The input will be stored without any sanitization and rendered every time the /settings section is visited by the user. […] this XSS is self-stored and it’s ex
ecuted only in the context of the victim’s session. [The] vulnerability can be exploited by an attacker to gain persistency and execute the malicious code each time the victim accesses to the settings section,” Core Security explains.

Two other vulnerabilities could allow an attacker to obtain command execution on the system as the nagios user. Tracked as CVE-2018-16146 and CVE-2018-16144, both of these are improper sanitization bugs.

Advertisement. Scroll to continue reading.

Tracked as CVE-2018-16145, the fifth vulnerability could lead to local privilege escalation. An attacker could edit a specific part of a script to execute code once the appliance is rebooted (at boot, scripts impersonate the nagios user during their execution).

The bugs were reported to Opsview in early May and were confirmed within a week. The company released Opsview Monitor 6.0 at the end of July and pushed fixes for previous software iteration last week.  

Related: Network Management Systems Vulnerable to SNMP-Based Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

Omkhar Arasaratnam, former GM at OpenSSF, is LinkedIn's first Distinguised Security Engineer

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.