LibreNMS Authentication-Based Remote Code Execution Vulnerability (CVE-2024-51092) Summary Vulnerability Overview LibreNMS contains two defects: 1. It allows attackers to create dangerous directory names. 2. It allows injection of arbitrary OS commands via the web interface (through calls). The combination of these two defects leads to arbitrary command execution. Impact Scope Target Software: LibreNMS Affected Versions: Versions prior to 2024.11.5 Platform: Linux/Unix Prerequisites: Requires authenticated user privileges Remediation Upgrade to version 2024.11.5 or higher. Exploit Code (Metasploit Module)