CVE-2020-12760

An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7. The ActiveMQ channel configuration allowed for arbitrary deserialization of Java objects (aka ActiveMQ Minion payload deserialization), leading to remote code execution for any authenticated channel user regardless of its assigned permissions.

CVSS v3 8.8 HIGH
CVSS v2.0 6.5 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/OpenNMS/opennms/releases/tag/opennms-26.0.1-1	Release Notes
https://issues.opennms.org/browse/NMS-12673	Vendor Advisory
https://www.opennms.com/en/blog/2020-04-29-opennms-horizon-26-0-1-luchador-released/	Release Notes Vendor Advisory
https://www.opennms.com/en/blog/2020-04-29-opennms-meridian-2018-1-18-wildfire-released/	Release Notes Vendor Advisory
https://www.opennms.com/en/blog/2020-04-29-opennms-meridian-2019-1-6-europa-released/	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:opennms:opennms_horizon::::::::
	cpe:2.3:a:opennms:opennms_meridian::::::::
	cpe:2.3:a:opennms:opennms_meridian::::::::

History

No history.

Information

Published : 2020-05-11 16:15

Updated : 2024-02-04 21:00

NVD link : CVE-2020-12760

Mitre link : CVE-2020-12760

CVE.ORG link : CVE-2020-12760

JSON object : View

Products Affected

opennms

opennms_horizon
opennms_meridian

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2020-12760", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2020-05-11T16:15:13.147", "references": [{"url": "https://github.com/OpenNMS/opennms/releases/tag/opennms-26.0.1-1", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "https://issues.opennms.org/browse/NMS-12673", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.opennms.com/en/blog/2020-04-29-opennms-horizon-26-0-1-luchador-released/", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.opennms.com/en/blog/2020-04-29-opennms-meridian-2018-1-18-wildfire-released/", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.opennms.com/en/blog/2020-04-29-opennms-meridian-2019-1-6-europa-released/", "tags": ["Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7. The ActiveMQ channel configuration allowed for arbitrary deserialization of Java objects (aka ActiveMQ Minion payload deserialization), leading to remote code execution for any authenticated channel user regardless of its assigned permissions."}, {"lang": "es", "value": "Se detect\u00f3 un problema en OpenNMS Horizon versiones anteriores a 26.0.1 y Meridian versiones anteriores a 2018.1.19 y versiones 2019 anteriores a 2019.1.7. La configuraci\u00f3n del canal ActiveMQ permiti\u00f3 la deserializaci\u00f3n arbitraria de objetos Java (tambi\u00e9n se conoce cmo deserializaci\u00f3n de la carga \u00fatil de ActiveMQ Minion), conllevando a una ejecuci\u00f3n de c\u00f3digo remota para cualquier usuario del canal autenticado, sin importar sus permisos asignados."}], "lastModified": "2020-05-13T17:42:39.663", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opennms:opennms_horizon:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5C90319-F2D3-420A-8A20-6F31691339C7", "versionEndExcluding": "26.1.0"}, {"criteria": "cpe:2.3:a:opennms:opennms_meridian:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC5C193A-1194-41C8-AE5D-4E2F6E3984D7", "versionEndExcluding": "2018.1.19"}, {"criteria": "cpe:2.3:a:opennms:opennms_meridian:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C95DA0CC-9548-40FE-8806-AF54A51B442A", "versionEndExcluding": "2019.1.7", "versionStartIncluding": "2019"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}