CVE-2022-4067 is a security vulnerability classified as a Cross-site Scripting (XSS) issue, specifically a Stored XSS, found in the LibreNMS network monitoring software prior to version 22.10.0. The vulnerability arises from improper neutralization of input during web page generation (CWE-79), allowing an attacker with certain privileges to inject malicious scripts that are stored and later executed in the context of other users' browsers. The CVSS 3.0 base score is 3.4, indicating a low severity level. The vector string (AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N) reveals that the attack can be performed remotely over the network with low attack complexity but requires high privileges (authenticated user with elevated rights) and user interaction (the victim must trigger the malicious script). The scope is changed (S:C), meaning the vulnerability affects components beyond the initially vulnerable component. The impact is limited to confidentiality (partial data disclosure) with no impact on integrity or availability. No known exploits are reported in the wild, and no official patches are linked in the provided data. LibreNMS is an open-source network monitoring tool widely used by organizations to monitor network infrastructure and devices. The vulnerability could allow an attacker with elevated privileges to inject scripts that execute in the browsers of other users, potentially leading to session hijacking or data leakage within the monitoring environment.

For European organizations using LibreNMS, this vulnerability poses a risk primarily to the confidentiality of monitoring data and user session information. Since the exploit requires high privileges and user interaction, the threat is somewhat mitigated by internal access controls and user awareness. However, in environments where LibreNMS is used to monitor critical network infrastructure, an attacker exploiting this vulnerability could gain indirect access to sensitive operational data or perform actions on behalf of other users, potentially leading to lateral movement or further compromise. The impact on integrity and availability is minimal, but the confidentiality breach could expose network topology, device configurations, or user credentials. Organizations with large, distributed network operations or those relying heavily on LibreNMS for real-time monitoring may face increased risk if internal privilege management is weak or if users are susceptible to social engineering attacks.

1. Upgrade LibreNMS to version 22.10.0 or later where the vulnerability is addressed. 2. Implement strict role-based access control (RBAC) to limit the number of users with high privileges capable of injecting malicious input. 3. Conduct regular security training to raise awareness about phishing and social engineering, reducing the likelihood of user interaction with malicious payloads. 4. Employ web application firewalls (WAFs) with custom rules to detect and block suspicious input patterns targeting LibreNMS interfaces. 5. Monitor logs and user activities within LibreNMS for unusual behavior indicative of exploitation attempts. 6. If upgrading immediately is not feasible, apply input validation and output encoding controls at the web server or proxy level to sanitize user inputs and outputs. 7. Isolate LibreNMS access to trusted networks and enforce multi-factor authentication (MFA) for all privileged users to reduce the risk of credential compromise.