CVE-2024-47002
Published: 15 January 2025
Summary
CVE-2024-47002 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Observium. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Browser Session Hijacking (T1185). The CVE ranks in the top 6.9% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Deeper analysis
CVE-2024-47002 is an HTML code injection vulnerability, also described as cross-site scripting under CWE-79, that affects the VLAN management functionality in Observium Community Edition version 24.4.13528. A specially crafted HTTP request can inject arbitrary HTML code into the application.
An authenticated attacker can supply a malicious link that, when clicked by another authenticated user, executes the injected code. The CVSS 8.7 vector indicates the attack is remotely exploitable with low complexity and low privileges but requires user interaction, resulting in high impact to confidentiality and integrity with changed scope.
The vulnerability is detailed in the Talos Intelligence advisory TALOS-2024-2091. The associated EPSS score has remained flat at 0.0963 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-42868
Vulnerability details
An HTML code injection vulnerability exists in the VLAN management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to injection of arbitrary HTML code. An authenticated user would need to click a malicious link provided by the attacker.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
XSS directly enables browser session hijacking (T1185) via injected HTML execution and facilitates spearphishing link delivery (T1566.002) to trigger the payload in an authenticated context.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): validates HTTP request inputs to the VLAN management interface, rejecting specially crafted payloads that inject arbitrary HTML code.
- SI-15 (Information Output Filtering): filters information output by the VLAN management component so that injected HTML code is not executed in authenticated users' browsers.
- Requires identification, reporting, and correction of the specific HTML injection flaw in Observium CE 24.4.13528.