overview
A vulnerability (CVE-2023-0871) with a CVSS score of 8.8 has been discovered in both the versions of OpenNMS: the one that is supported by the community and the other that requires a subscription. OpenNMS is a popular open-source software used for monitoring computer networks. The software is trusted by companies like Savannah Rive Nuclear Solutions, Cisco, and GigaComm.
Businesses use OpenNMS to monitor their local and widespread networks for various purposes. These include keeping track of performance, monitoring network traffic, fault detection, and creating alerts. This platform, built on Java, can handle the monitoring of both actual and virtual networks, along with applications, servers, business performance markers, and personalized measurements.
Discovered by Synopsys, CVE-2023-0871 is an XML external entity (XXE) injection vulnerability that provides attackers with a method to extract data from the file server system of OpenNMS. This vulnerability also allows them to initiate unrestricted HTTP requests to both internal and external services, as well as initiate denial-of-service conditions on systems. If exploited, attackers could leak sensitive data belonging to large Fortune 500 companies, as well as critical infrastructure organizations.
CVE-2023-0871 could allow threat actors to make unauthorized requests, steal data, and disrupt systems. It’s important for organizations using OpenNMS to the below recommendations as soon as possible.
INDICATORS OF COMPROMISE (IoCs)
At this time, there are no known IoCs associated with CVE-2023-0871. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.SUPPORTING DOCUMENTATION