CVE-2023-46745 in LibreNMS
Summary
by MITRE • 11/18/2023
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain access to user accounts. This issue has been addressed in version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 12/14/2023
LibreNMS represents a widely adopted network monitoring solution that leverages PHP, MySQL, and SNMP protocols to provide comprehensive visibility across diverse network infrastructures. The vulnerability identified as CVE-2023-46745 specifically targets the authentication mechanism within this platform, exposing it to unauthorized access attempts through brute force attacks. This flaw resides in the absence of rate limiting controls during the login process, creating a significant security gap that adversaries can exploit to systematically test credentials against user accounts.
The technical implementation of this vulnerability stems from the lack of protective measures that would normally restrict the frequency of authentication attempts from a single source. Without rate limiting mechanisms, malicious actors can rapidly submit login requests with various credential combinations, effectively bypassing typical account lockout protections and password strength requirements. This weakness directly maps to CWE-307, which addresses insufficient login rate limiting, making it particularly susceptible to automated attack vectors that can test thousands of credential combinations per minute. The vulnerability creates an environment where credential stuffing and brute force attacks become significantly more effective against LibreNMS installations.
The operational impact of this vulnerability extends beyond simple unauthorized access, as it can lead to complete system compromise and potential lateral movement within network environments. Attackers who successfully exploit this weakness can gain persistent access to network monitoring data, potentially compromising the integrity of network visibility and alerting mechanisms. This threat is particularly concerning given that LibreNMS serves as a critical monitoring tool, providing insights into network health, performance, and security events. The vulnerability also aligns with ATT&CK technique T1110.003, which covers credential stuffing attacks, demonstrating how this flaw can be leveraged as part of broader attack methodologies targeting network infrastructure monitoring systems.
Organizations utilizing affected LibreNMS versions face substantial risk of unauthorized access to their network monitoring capabilities, potentially enabling attackers to observe network traffic, identify vulnerabilities, and plan further attacks against the monitored infrastructure. The absence of workarounds means that organizations must immediately upgrade to version 23.11.0 or later to remediate this vulnerability, as no alternative configuration changes can adequately protect against brute force attacks targeting the authentication system. Security teams should also implement additional monitoring for suspicious login patterns and consider network-level controls to limit access to the LibreNMS application, particularly when deployed in environments with limited administrative oversight. The remediation process requires careful attention to ensure that the upgrade maintains existing monitoring configurations while implementing the necessary rate limiting controls that were previously absent from the authentication flow.