A critical vulnerability (CVE-2024-11664) has been identified in eNMS systems up to version 4.2. The affected component is the TGZ File Handler, specifically the function multiselect_filtering in the file eNMS/controller.py. The vulnerability allows for path traversal attacks, which may be initiated remotely. The exploit has been publicly disclosed, increasing the risk of its use. A patch, identified as 22bb443acca740fc83b5544165c1f53eff3f529, has been released to address the vulnerability.

Details

eNMS is a popular open-source network management system that lets an administrator manage multiple components of a network from a single unified platform. Because of this vulnerability, attackers can exploit the TGZ File Handler component remotely. By manipulating input to the multiselect_filtering function in the eNMS/controller.py file, an attacker can use path traversal to access sensitive files or areas of a target system.

Original references

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11664
- https://nvd.nist.gov/vuln/detail/CVE-2024-11664

Below is an example of the vulnerable code present in the eNMS/controller.py file:

def multiselect_filtering(self, **kwargs):
    filename = request.form["tgz_file"]
    file_path = f"/eNMS/tgz_files/{filename}"
    ...

Exploit Details

An attacker can manipulate the filename variable to add malicious paths which could lead to unauthorized access to sensitive files or folders within the target system. For example, an attacker could provide the following input:

filename = "../../../../../../../etc/passwd"

This would lead to the system attempting to access the /etc/passwd file, which contains sensitive user account information.
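A containment check that rejects the input above, shown beside the unchecked join. This is an added example, not code from eNMS or from the referenced patch; the names vulnerable_path, safe_path and check_samples and the sample file names are assumptions made for illustration.

```python
import os

BASE_DIR = "/eNMS/tgz_files"  # base directory taken from the snippet above


def vulnerable_path(filename: str) -> str:
    """Same f-string join as the snippet above, normalised the way the OS
    would resolve it (ignoring symlinks) to show where it ends up."""
    return os.path.normpath(f"{BASE_DIR}/{filename}")


def safe_path(filename: str, base_dir: str = BASE_DIR) -> str:
    """Return the resolved path only if it stays inside base_dir."""
    if not filename or "\x00" in filename:
        raise ValueError("empty or malformed file name")
    base = os.path.realpath(base_dir)
    # realpath collapses '..' segments and follows symlinks, so the
    # comparison below is made on the path that would really be opened.
    candidate = os.path.realpath(os.path.join(base, filename))
    # commonpath compares whole path components; a plain startswith()
    # would wrongly accept a sibling such as /eNMS/tgz_files_old/x.
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes {base_dir!r}: {filename!r}")
    return candidate


def check_samples() -> dict:
    """Run constructed sample inputs through safe_path."""
    samples = [
        "backup.tgz",                        # ordinary file name
        "sub/../backup.tgz",                 # '..' that stays inside
        "../../../../../../../etc/passwd",   # input from the text above
        "/etc/passwd",                       # absolute path replaces base
        "../tgz_files_old/backup.tgz",       # sibling with same prefix
    ]
    results = {}
    for name in samples:
        try:
            safe_path(name)
            results[name] = "allowed"
        except ValueError:
            results[name] = "rejected"
    return results


if __name__ == "__main__":
    print("unchecked join resolves to:",
          vulnerable_path("../../../../../../../etc/passwd"))
    for name, verdict in check_samples().items():
        print(f"{verdict:8} {name}")
```
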

Patch Information

The vulnerability has been addressed in the following patch: https://github.com/eNMS/eNMS/commit/22bb443acca740fc83b5544165c1f53eff3f529

To apply the patch, it is recommended to update the affected eNMS system to the latest version or manually implement the changes provided in the patch.

- Review access controls and ensure that only authorized users have access to the eNMS system.

- Continue monitoring security advisories and vulnerability disclosure resources to stay informed of potential threats.

Timeline

Published on: 11/25/2024 09:15:06 UTC
Last modified on: 12/04/2024 19:28:26 UTC