What is CVE-2019-10669?

CVE-2019-10669 is a command injection vulnerability in LibreNMS through version 1.47.

What is the severity of CVE-2019-10669?

The severity of CVE-2019-10669 is high with a CVSS score of 7.2.

How does CVE-2019-10669 impact LibreNMS?

CVE-2019-10669 allows an attacker to execute arbitrary commands on the target system through a command injection vulnerability in LibreNMS.

How can I fix CVE-2019-10669?

To fix CVE-2019-10669, upgrade LibreNMS to version 1.48 or later.

Where can I find more information about CVE-2019-10669?

You can find more information about CVE-2019-10669 at the following references: [Reference 1](http://packetstormsecurity.com/files/154391/LibreNMS-Collectd-Command-Injection.html) and [Reference 2](https://www.darkmatter.ae/xen1thlabs/librenms-command-injection-vulnerability-xl-19-017/).

Vulnerability/
CVE-2019-10669

high

7.2

CWE

78 89 77

9/9/2019

4/8/2024

CVE-2019-10669: OS Command Injection

First published: Mon Sep 09 2019(Updated: )

An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user supplied parameters are filtered with the mysqli_escape_real_string function. This function is not the appropriate function to sanitize command arguments as it does not escape a number of command line syntax characters such as ` (backtick), allowing an attacker to inject commands into the variable $rrd_cmd, which gets executed via passthru().

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Librenms Librenms	<=1.47

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-10669?
CVE-2019-10669 is a command injection vulnerability in LibreNMS through version 1.47.
What is the severity of CVE-2019-10669?
The severity of CVE-2019-10669 is high with a CVSS score of 7.2.
How does CVE-2019-10669 impact LibreNMS?
CVE-2019-10669 allows an attacker to execute arbitrary commands on the target system through a command injection vulnerability in LibreNMS.
How can I fix CVE-2019-10669?
To fix CVE-2019-10669, upgrade LibreNMS to version 1.48 or later.
Where can I find more information about CVE-2019-10669?
You can find more information about CVE-2019-10669 at the following references: [Reference 1](http://packetstormsecurity.com/files/154391/LibreNMS-Collectd-Command-Injection.html) and [Reference 2](https://www.darkmatter.ae/xen1thlabs/librenms-command-injection-vulnerability-xl-19-017/).

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/author
agent/severity
agent/tags
agent/first-publish-date
agent/event
agent/description
agent/source
vendor/librenms
canonical/librenms librenms
version/librenms librenms/1.47

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.