
CVE-2021-25930: Cross-Site Request Forgery in OpenNMS

Severity: Medium
Type: Vulnerability (CVE-2021-25930)
Published: Thu May 20 2021 (05/20/2021, 13:57:58 UTC)
Source: CVE
Vendor/Project: n/a
Product: OpenNMS

Description

In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSRF protection, and since there is no validation of an existing user name while renaming a user. As a result, privileges of the renamed user are being overwritten by the old user and the old user is being deleted from the user list.

AI-Powered Analysis

Last updated: 06/25/2025, 13:01:14 UTC

Technical Analysis

CVE-2021-25930 is a Cross-Site Request Forgery (CSRF) vulnerability affecting OpenNMS Horizon from opennms-1-0-stable through opennms-27.1.0-1, and OpenNMS Meridian from meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1 and from meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1. OpenNMS is an open-source network management platform widely used to monitor network devices and services. Two weaknesses combine here: the affected versions have no CSRF protection on the user-management requests, and the rename operation does not check whether the new user name already belongs to an existing account. An attacker can therefore craft a request that, when a logged-in user's browser submits it, renames one account onto the name of another without any validation. The account that already held that name has its privileges overwritten by those of the renamed user, and the renamed user's original entry is deleted from the user list. This allows privilege manipulation, potential unauthorized escalation or loss of access, and disruption of user management. The CVSS v3.1 base score is 4.3 (medium severity), with vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N: the attack can be performed remotely over the network with low complexity, requires no privileges on the attacker's side but does require interaction from an authenticated victim, and impacts integrity but not confidentiality or availability. There are no known exploits in the wild, and no patches are linked in the provided data, so remediation may require manual updates or configuration changes. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery).

Potential Impact

For European organizations using OpenNMS for network monitoring and management, this vulnerability poses a risk of unauthorized manipulation of user accounts. An attacker could trick an authenticated user into submitting a request that renames users, overwriting the privileges of an existing account and deleting a legitimate one. This can lead to unauthorized privilege changes or denial of access for legitimate users, undermining the integrity of user management within the system. Although the vulnerability does not directly compromise confidentiality or availability, the integrity impact can disrupt administrative controls and trust in the monitoring infrastructure. This matters most where OpenNMS manages critical network infrastructure, since compromised user management could facilitate further attacks or operational disruptions. Given the medium severity and the requirement for user interaction, the threat is moderate, but it should not be underestimated in environments with high security requirements or where the OpenNMS web interface is reachable from untrusted networks.

Mitigation Recommendations

Upgrade to an OpenNMS release in which this issue is fixed, or apply vendor- or community-provided patches where available; the fix needs to cover both halves of the problem, CSRF protection on state-changing requests (for example synchronizer tokens, with the SameSite attribute on the session cookie as defence in depth) and a server-side check that rejects a rename onto a user name that already exists. If an immediate upgrade is not possible, restrict access to the OpenNMS web interface to trusted internal networks to reduce exposure. Enforce strict session management (short session lifetimes, logging out when finished) and consider multi-factor authentication; note that MFA alone does not stop CSRF, because the forged request rides on an already authenticated session, so it helps only where sensitive actions such as renaming a user require re-authentication. Regularly audit user accounts and privileges in OpenNMS so that unauthorized changes are detected promptly. Educate users about CSRF and advise caution when following links while logged in to the OpenNMS interface, especially links from untrusted sources. Use web application firewalls (WAFs) or reverse proxies with CSRF detection to filter malicious requests targeting OpenNMS. Monitor network traffic and logs for unusual user-management activity, such as account renames and deletions, that could indicate exploitation attempts.
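The two defects described in the Technical Analysis, and the two-part fix the mitigation calls for, are easiest to see side by side in code. The following Python model is an added illustration and is not OpenNMS code: UserStore, rename_unchecked, rename_checked, issue_csrf_token and verify_csrf_token are hypothetical names, and the two-user store is constructed for the example. rename_unchecked reproduces the behaviour the advisory describes (re-keying an entry onto a name that is already taken), while rename_checked rejects requests without a valid synchronizer token and refuses to rename onto an existing name.

```python
"""Model of the user-rename flaw in CVE-2021-25930 beside a hardened handler.

Added example, not OpenNMS code. All names below are hypothetical.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


class CsrfError(Exception):
    """Request did not carry a valid synchronizer token for this session."""


class NameTakenError(Exception):
    """Target user name already exists; renaming onto it would clobber that account."""


@dataclass
class User:
    name: str
    roles: Set[str] = field(default_factory=set)


class UserStore:
    """Minimal in-memory user list keyed by user name (constructed for the example)."""

    def __init__(self) -> None:
        self.users: Dict[str, User] = {}

    def add(self, name: str, roles: Set[str]) -> None:
        self.users[name] = User(name, set(roles))


def rename_unchecked(store: UserStore, old: str, new: str) -> None:
    """Models the flaw: no check that `new` is free and no CSRF check.

    Re-keying the entry silently replaces whatever account already lived under
    `new`, so that account's roles are overwritten and `old` vanishes from the list.
    """
    user = store.users.pop(old)
    user.name = new
    store.users[new] = user


def issue_csrf_token(session: dict) -> str:
    """Synchronizer-token pattern: bind a random token to the server-side session.

    The token is rendered into the form as a hidden field and must be echoed back;
    a cross-site page cannot read it, so a forged request cannot include it.
    """
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def verify_csrf_token(session: dict, presented: Optional[str]) -> bool:
    expected = session.get("csrf_token")
    if not expected or not presented:
        return False
    # constant-time comparison so the check leaks nothing about the token
    return hmac.compare_digest(expected.encode(), presented.encode())


def rename_checked(store: UserStore, old: str, new: str,
                   session: dict, presented_token: Optional[str]) -> None:
    """Hardened handler: CSRF token first, then refuse to rename onto an existing name."""
    if not verify_csrf_token(session, presented_token):
        raise CsrfError("missing or invalid CSRF token")
    if old not in store.users:
        raise KeyError(f"no such user: {old}")
    if new in store.users:
        raise NameTakenError(f"user name already in use: {new}")
    user = store.users.pop(old)
    user.name = new
    store.users[new] = user


def demo() -> dict:
    """Run both handlers over a constructed two-user store and report the outcomes."""
    results = {}

    vulnerable = UserStore()
    vulnerable.add("admin", {"ROLE_ADMIN"})
    vulnerable.add("viewer", {"ROLE_USER"})
    rename_unchecked(vulnerable, "viewer", "admin")
    # the admin entry now carries the viewer's roles and "viewer" is gone
    results["vuln_admin_roles"] = set(vulnerable.users["admin"].roles)
    results["vuln_viewer_present"] = "viewer" in vulnerable.users

    hardened = UserStore()
    hardened.add("admin", {"ROLE_ADMIN"})
    hardened.add("viewer", {"ROLE_USER"})
    session: dict = {}
    token = issue_csrf_token(session)
    try:  # a cross-site request carries no token
        rename_checked(hardened, "viewer", "admin", session, None)
        results["forged_blocked"] = False
    except CsrfError:
        results["forged_blocked"] = True
    try:  # a legitimate request still may not rename onto a taken name
        rename_checked(hardened, "viewer", "admin", session, token)
        results["collision_blocked"] = False
    except NameTakenError:
        results["collision_blocked"] = True
    rename_checked(hardened, "viewer", "auditor", session, token)  # a free name is fine
    results["hardened_admin_roles"] = set(hardened.users["admin"].roles)
    results["hardened_names"] = sorted(hardened.users)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The order of the checks in rename_checked is deliberate: the CSRF check runs before any lookup so that a forged request learns nothing about which user names exist, and the name-collision check guards the integrity of the existing account regardless of how the request arrived.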


Technical Details

Data Version: 5.1
Assigner Short Name: Mend
Date Reserved: 2021-01-22T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d983ac4522896dcbed67b

Added to database: 5/21/2025, 9:09:14 AM

Last enriched: 6/25/2025, 1:01:14 PM

Last updated: 7/26/2025, 10:08:53 AM

Views: 8
