Nomios GREENmod Server-Side Request Forgery Vulnerability via Named Pipes
Vulnerability
A Server-Side Request Forgery (SSRF) vulnerability has been identified in Nomios GREENmod versions prior to 2.8.33. The issue arises from incorrectly configured access control lists for named pipes used for communication between plugins, the web portal, and the system service. This misconfiguration allows an attacker to interact with the named pipe stream and upload arbitrary XML or JSON files. The uploaded files are processed by the named pipe with the privileges of the user under whose context the service is running. This vulnerability enables SSRF attacks to any Windows system that has the GREENmod agent installed and allows communication via SMB or WebDAV.
Impact
Exploitation of this vulnerability allows for Server-Side Request Forgery attacks to any Windows system with the GREENmod agent installed, and which permits communication via SMB or WebDAV.
Remediation
Users can upgrade to GREENmod version 2.8.33 or later to address this vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.