07. 09. 2022 Damiano Chini Bug Fixes, NetEye

NetEye 4 Core, Asset and SLM – Security Advisory – Multiple Vulnerabilities

Synopsis

Important: Multiple Security updates for NetEye 4

Type/Severity

Security Advisory: Important

Topic

Wuerth Phoenix has released a set of Critical Patches (CPs) for NetEye 4. These CPs resolve multiple vulnerabilities that enable Privilege Escalation and authenticated remote command execution (RCE).

Description

  • GLPI was affected by an SSRF vulnerability in the External Calendars feature of the GLPI Plannings. An authenticated attacker could exploit this vulnerability to perform arbitrary requests on behalf of the Server, provided the attacker had edit permissions on GLPI Plannings.
  • An SSRF vulnerability was discovered in NagVis. Authenticated users with admin permissions on the NagVis module could perform arbitrary requests on behalf of the Server.
  • NagVis was also affected by a PHAR deserialization vulnerability. An authenticated attacker could exploit this vulnerability to achieve Remote Code Execution.
  • A Local Root Privilege Escalation vulnerability was found in Tornado. An attacker with unprivileged access to the system could perform a vertical privilege escalation.
  • An SSRF vulnerability was found in the Alyvix module. When calling the APIs of Alyvix nodes, the Alyvix backend did not validate the host address of the Alyvix node. An attacker with edit permissions on Icinga Director could insert malicious host addresses in Icinga Director, and the backend would then perform arbitrary HTTP GET and POST requests to those addresses whenever the Alyvix UI was visited.
  • OCS Inventory was affected by an unsafe deserialization vulnerability. An authenticated attacker could achieve RCE by inserting malicious content in the cookies.
  • The SLM module had a path traversal vulnerability, occurring during the generation of the SLM Resource Reports. An authenticated attacker could insert malicious parameters in the definition of an SLM Report to write to arbitrary file paths.

Security Fix(es) for NetEye 4.23:

  • glpi-9.5.5_neteye1.10.1-1.noarch.rpm
  • glpi-neteye-config-9.5.5_neteye1.10.1-1.noarch.rpm
  • glpi-autosetup-9.5.5_neteye1.10.1-1.noarch.rpm
  • nagvis-1.9.31_neteye1.6.3-1.el8.noarch.rpm
  • tornado-1.19.7-2.el8.x86_64.rpm
  • tornado-common-1.19.7-2.el8.x86_64.rpm
  • tornado-autosetup-1.19.7-2.el8.x86_64.rpm
  • tornado-rsyslog-collector-logmanager-1.19.7-2.el8.x86_64.rpm
  • tornado-neteye-config-1.19.7-2.el8.x86_64.rpm
  • tornado-dto-1.19.7-2.el8.x86_64.rpm
  • ocsinventory-ocsreports-2.7.0_neteye1.10.1-1.el8.noarch.rpm
  • ocsinventory-ocsreports-autosetup-2.7.0_neteye1.10.1-1.el8.noarch.rpm
  • ocsinventory-ocsreports-neteye-config-2.7.0_neteye1.10.1-1.el8.noarch.rpm
  • icingaweb2-module-slm-4.19.3-1.noarch.rpm
  • icingaweb2-module-slm-autosetup-4.19.3-1.noarch.rpm

Security Fix(es) for NetEye 4.24:

  • glpi-9.5.5_neteye1.10.1-1.noarch.rpm
  • glpi-neteye-config-9.5.5_neteye1.10.1-1.noarch.rpm
  • glpi-autosetup-9.5.5_neteye1.10.1-1.noarch.rpm
  • nagvis-1.9.31_neteye1.6.3-1.el8.noarch.rpm
  • tornado-1.19.7-2.el8.x86_64.rpm
  • tornado-common-1.19.7-2.el8.x86_64.rpm
  • tornado-autosetup-1.19.7-2.el8.x86_64.rpm
  • tornado-rsyslog-collector-logmanager-1.19.7-2.el8.x86_64.rpm
  • tornado-neteye-config-1.19.7-2.el8.x86_64.rpm
  • tornado-dto-1.19.7-2.el8.x86_64.rpm
  • ocsinventory-ocsreports-2.7.0_neteye1.10.1-1.el8.noarch.rpm
  • ocsinventory-ocsreports-autosetup-2.7.0_neteye1.10.1-1.el8.noarch.rpm
  • ocsinventory-ocsreports-neteye-config-2.7.0_neteye1.10.1-1.el8.noarch.rpm
  • icingaweb2-module-slm-4.19.3-1.noarch.rpm
  • icingaweb2-module-slm-autosetup-4.19.3-1.noarch.rpm

Security Fix(es) for NetEye 4.25:

  • glpi-9.5.5_neteye1.10.1-1.noarch.rpm
  • glpi-neteye-config-9.5.5_neteye1.10.1-1.noarch.rpm
  • glpi-autosetup-9.5.5_neteye1.10.1-1.noarch.rpm
  • nagvis-1.9.31_neteye1.6.3-1.el8.noarch.rpm
  • tornado-1.20.0-1.el8.x86_64.rpm
  • tornado-common-1.20.0-1.el8.x86_64.rpm
  • tornado-autosetup-1.20.0-1.el8.x86_64.rpm
  • tornado-rsyslog-collector-logmanager-1.20.0-1.el8.x86_64.rpm
  • tornado-neteye-config-1.20.0-1.el8.x86_64.rpm
  • tornado-dto-1.20.0-1.el8.x86_64.rpm
  • icingaweb2-module-alyvix-0.7.1-1.noarch.rpm
  • icingaweb2-module-neteye-1.118.2-1.x86_64.rpm
  • icingaweb2-module-neteye-autosetup-1.118.2-1.x86_64.rpm
  • ocsinventory-ocsreports-2.7.0_neteye1.11.1-1.el8.noarch.rpm
  • ocsinventory-ocsreports-autosetup-2.7.0_neteye1.11.1-1.el8.noarch.rpm
  • ocsinventory-ocsreports-neteye-config-2.7.0_neteye1.11.1-1.el8.noarch.rpm
  • icingaweb2-module-slm-4.21.1-1.noarch.rpm
  • icingaweb2-module-slm-autosetup-4.21.1-1.noarch.rpm

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to the NetEye Update Section inside the User Guide.
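To confirm that a node already carries the fixed packages, here is an added example (not part of this advisory or of NetEye) that compares `rpm -qa` output against the NetEye 4.25 versions listed above; it assumes a simplified port of rpm's version comparison (no special handling of `~`/`^`) and the sample `rpm -qa` lines are constructed.

```python
import re
# Fixed (version, release) per base package from the advisory's NetEye 4.25 list.
FIXED_4_25 = {
    "glpi": ("9.5.5_neteye1.10.1", "1"),
    "nagvis": ("1.9.31_neteye1.6.3", "1.el8"),
    "tornado": ("1.20.0", "1.el8"),
    "icingaweb2-module-alyvix": ("0.7.1", "1"),
    "icingaweb2-module-neteye": ("1.118.2", "1"),
    "ocsinventory-ocsreports": ("2.7.0_neteye1.11.1", "1.el8"),
    "icingaweb2-module-slm": ("4.21.1", "1"),
}

def rpmvercmp(a: str, b: str) -> int:
    """Simplified port of rpm's rpmvercmp (no '~'/'^' handling): numeric segments
    compare as ints, alphabetic ones lexically, numeric beats alphabetic, longer wins."""
    sa = re.findall(r"[0-9]+|[a-zA-Z]+", a)
    sb = re.findall(r"[0-9]+|[a-zA-Z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(installed, fixed) -> int:
    """Compare (version, release) pairs: version first, release breaks ties."""
    return rpmvercmp(installed[0], fixed[0]) or rpmvercmp(installed[1], fixed[1])

def unpatched(rpm_qa_output: str, fixed=FIXED_4_25) -> dict:
    r"""Parse lines from  rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'  and return
    {package: installed version-release} for each one still below its fixed level."""
    below = {}
    for line in rpm_qa_output.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        name, ver, rel = parts  # subpackages (tornado-common, ...) map to their base by prefix
        base = next((k for k in fixed if name == k or name.startswith(k + "-")), None)
        if base and evr_cmp((ver, rel), fixed[base]) < 0:
            below[name] = f"{ver}-{rel}"
    return below

SAMPLE_RPM_QA = (  # constructed sample of rpm -qa output, not from a real system
    "glpi 9.5.5_neteye1.9.2 1\n"
    "nagvis 1.9.31_neteye1.6.3 1.el8\n"
    "tornado-common 1.19.7 2.el8\n"
    "icingaweb2-module-alyvix 0.7.0 1\n"
)
```

Feed it the real `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'` output of a node; an empty result means every listed package is at or above the fixed level.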

Affected Products

All NetEye 4.x versions prior to and including 4.25.
