CVE-2023-46745 MEDIUM

CVE-2023-46745: Rate limiting bypass on login page in LibreNMS

Vendor Librenms
Product librenms
Weakness CWE-307 · Brute force
Published November 17, 2023
Last update August 29, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

LibreNMS is an auto-discovering PHP/MySQL/SNMP-based network monitoring system that includes support for a wide range of network hardware and operating systems. In affected versions, the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain access to user accounts. This issue has been addressed in version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Key dates

02 Disclosure timeline

November 17, 2023 CVE published
August 29, 2024 Record updated