CVE-2017-16759

Description

The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php.

How to fix CVE-2017-16759

To remediate CVE-2017-16759, upgrade the affected package to a fixed version below.

• Packagist/librenms/librenms—upgrade to 1.31 or later

Is CVE-2017-16759 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.31

CVSS scores

References (6)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2017-16759
• PATCHgithub.com/librenms/librenms
• WEBblog.librenms.org/2017/08/22/librenms-security-fix-during-the-installation-process
• WEBgithub.com/librenms/librenms/commit/7887b2e1c7158204ac69ca43beafce66e4d3a3b4