Openfire 3.10 < 4.6.8 / 4.7 < 4.7.5 Authentication Bypass

high Nessus Plugin ID 177741

Synopsis

The remote host contains an application that is affected by an authentication bypass vulnerability.

Description

The remote host is running a version of Openfire that is affected by an authentication bypass vulnerability. Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0.
The problem has been patched in Openfire releases 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be-released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked GitHub advisory (GHSA-gw42-f939-fhvm) for mitigation advice.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to version 4.6.8, 4.7.5, 4.8.0 or later.

See Also

http://www.nessus.org/u?dec8dfe3

Plugin Details

Severity: High

ID: 177741

File Name: openfire_4_8_0.nasl

Version: 1.5

Type: remote

Family: CGI abuses

Published: 6/29/2023

Updated: 9/11/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.2

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2023-32315

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:igniterealtime:openfire

Required KB Items: installed_sw/Openfire Console

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/23/2023

Vulnerability Publication Date: 5/23/2023

CISA Known Exploited Vulnerability Due Dates: 9/14/2023

Exploitable With

Metasploit (Openfire authentication bypass with RCE plugin)

Reference Information

CVE: CVE-2023-32315

IAVB: 2023-B-0043