CVE-2023-0872

CVSS 3.1 Score 8.0 of 10 (high)

Details

Published Aug 14, 2023
Updated: Aug 21, 2023
CWE ID 269

Summary

CVE-2023-0872 is a vulnerability affecting the users endpoint in OpenMNS Horizon 31.0.8 and earlier versions, including those on multiple platforms. This issue results in an elevation of privilege, allowing unauthorized access with increased privileges. To mitigate this risk, users are advised to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38, or Horizon 32.0.2 or later. It is important to note that Meridian and Horizon software should be installed within private networks and not directly accessible from the internet. OpenMNS acknowledges the report of this vulnerability by Erik Wynter.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • OpenNMS Meridian
  • OpenNMS Horizon

Affected Vendors

  • Opennms