Overview

A vulnerability (CVE-2023-0871) with a CVSS score of 8.8 has been discovered in both versions of OpenNMS: the community-supported version and the subscription-based version. OpenNMS is popular open-source software for monitoring computer networks. It is trusted by companies like Savannah River Nuclear Solutions, Cisco, and GigaComm.

Businesses use OpenNMS to monitor their local and widespread networks for various purposes. These include keeping track of performance, monitoring network traffic, fault detection, and creating alerts. This platform, built on Java, can handle the monitoring of both actual and virtual networks, along with applications, servers, business performance markers, and personalized measurements. 

Discovered by Synopsys, CVE-2023-0871 is an XML external entity (XXE) injection vulnerability that gives attackers a way to extract data from the file system of the OpenNMS server. It also allows them to send unrestricted HTTP requests to both internal and external services and to trigger denial-of-service conditions on systems. If exploited, attackers could leak sensitive data belonging to large Fortune 500 companies, as well as critical infrastructure organizations.

CVE-2023-0871 could allow threat actors to make unauthorized requests, steal data, and disrupt systems. It’s important for organizations using OpenNMS to follow the recommendations below as soon as possible.

 

 

Avertium's Recommendations

  • Because CVE-2023-0871 impacts OpenNMS Horizon 31.0.8 and versions prior to 32.0.2, organizations still using those versions should upgrade to the following:  
    • Meridian 2023.1.6 
    • Meridian 2022.1.19 
    • Meridian 2021.1.30 
    • Meridian 2020.1.38 
    • Horizon 32.0.2 or newer 
  • OpenNMS’s advisory notes that the Meridian and Horizon installation instructions state that the products are intended for installation within an organization's private networks and should not be directly accessible from the Internet. Please see the OpenNMS advisory for more information.
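
One way to triage an inventory against the fixed releases listed above (an added example, not code from Avertium or OpenNMS). It assumes that a build at or above the listed version on the same Meridian release train carries the fix, reports release trains this notice does not name as "unlisted" instead of judging them, and uses constructed host names.

```python
import re

# Fixed releases exactly as listed in this notice.
HORIZON_FIXED = (32, 0, 2)
MERIDIAN_FIXED = {2023: (2023, 1, 6), 2022: (2022, 1, 19),
                  2021: (2021, 1, 30), 2020: (2020, 1, 38)}
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Turn '2022.1.9' or '31.0.8-1' into a tuple of ints for numeric comparison."""
    match = _VERSION.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def triage(product, version):
    """Return 'upgrade', 'fixed' or 'unlisted' for one installation."""
    parsed = parse_version(version)
    name = product.strip().lower()
    if name == "horizon":
        return "upgrade" if parsed < HORIZON_FIXED else "fixed"
    if name == "meridian":
        fixed = MERIDIAN_FIXED.get(parsed[0])
        if fixed is None:
            return "unlisted"  # train not named in the notice: check the vendor advisory
        # Tuple comparison matters: as strings, "2022.1.9" sorts after "2022.1.19".
        return "upgrade" if parsed < fixed else "fixed"
    raise ValueError(f"unknown product: {product!r}")

# Constructed inventory rows (host, product, version); not real systems.
SAMPLE_INVENTORY = [
    ("nms-01", "Horizon", "31.0.8"),
    ("nms-02", "Horizon", "32.0.2"),
    ("nms-03", "Meridian", "2022.1.9"),
    ("nms-04", "Meridian", "2023.1.6"),
    ("nms-05", "Meridian", "2019.1.40"),
]


def needs_attention(inventory):
    """Hosts that are not confirmed fixed, paired with their triage status."""
    statuses = [(host, triage(product, version)) for host, product, version in inventory]
    return [(host, status) for host, status in statuses if status != "fixed"]

if __name__ == "__main__":
    for host, status in needs_attention(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```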

 

 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2023-0871. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

 

 

How Avertium Is Protecting Our Customers

  • Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. See every threat in your attack surface, every device, every entry point, and every vulnerability. Our Attack Surface Management services include:  

    • Risk Assessments 
    • Pen Testing and Social Engineering  
    • Infrastructure Architecture and Integration  
    • Zero Trust Network Architecture 
    • Vulnerability Management 
  • Fusion MXDR is the first MDR offering that fuses together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts.







SUPPORTING DOCUMENTATION

Issue navigator - OpenNMS Jira (atlassian.net) 

Update openms_clang_format.yml (#7005) · OpenMS/OpenMS@ab14d02 · GitHub 

CyRC Vulnerability Advisory: CVE-2023-0871 Vulnerability in OpenNMS Horizon | Synopsys 

Patch Now: OpenNMS Bug Steals Data, Triggers Denial of Service (darkreading.com) 
