A vulnerability classified as critical has been found in Observium Professional, Enterprise and Community 20.8.10631. It affects an unknown function of the file /device/device=345/?tab=health.

Manipulation of the argument metric with an unknown input leads to a directory traversal vulnerability that can result in code execution. Classified with CWE, the problem is CWE-94 (Improper Control of Generation of Code, "Code Injection").
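The weakness class above, a request parameter that selects which server-side file gets included, is what turns directory traversal into code execution: a PHP include() executes whatever file the traversed path lands on. The following is an added example, not Observium's code and not a reconstruction of the actual flaw; the web-root layout, file names and allowed metric names are invented for illustration. It contrasts the weak pattern (concatenating the parameter into the include path) with a hardened resolver that allowlists the name and confirms the resolved path stays inside the intended directory.

```python
import re
import tempfile
from pathlib import Path

# Constructed stand-in for a PHP web root. The layout and file names are invented
# for this example and are not Observium's; they only mirror the pattern of a
# "metric" parameter selecting which page fragment gets included.
ROOT = Path(tempfile.mkdtemp())
HEALTH_DIR = ROOT / "html" / "pages" / "device" / "health"
UPLOAD_DIR = ROOT / "html" / "uploads"
HEALTH_DIR.mkdir(parents=True)
UPLOAD_DIR.mkdir(parents=True)
(HEALTH_DIR / "cpu.inc.php").write_text("<?php /* legitimate health tab */ ?>\n")
# A file an attacker could plant through any upload path; constructed for the example.
(UPLOAD_DIR / "shell.inc.php").write_text("<?php system($_GET['c']); ?>\n")

# Hypothetical allowlist of tab names the application actually ships.
ALLOWED_METRICS = {"cpu", "memory", "storage", "temperature"}
METRIC_RE = re.compile(r"[a-z0-9_]+")


def vulnerable_resolve(metric: str) -> Path:
    """Weak pattern: the request parameter is concatenated into the path that a
    PHP include() would load. '../' segments walk out of HEALTH_DIR, and because
    include() executes whatever it loads, traversal becomes code execution."""
    return (HEALTH_DIR / f"{metric}.inc.php").resolve()


def hardened_resolve(metric: str) -> Path:
    """Hardened pattern: allowlist the metric name, reject anything that is not a
    plain identifier, and verify the resolved path is still inside HEALTH_DIR."""
    if not METRIC_RE.fullmatch(metric) or metric not in ALLOWED_METRICS:
        raise ValueError(f"metric not allowed: {metric!r}")
    candidate = (HEALTH_DIR / f"{metric}.inc.php").resolve()
    if HEALTH_DIR.resolve() not in candidate.parents:
        raise ValueError(f"resolved path escapes the health directory: {candidate}")
    return candidate


def escapes_health_dir(path: Path) -> bool:
    """True when a resolved path lies outside HEALTH_DIR."""
    return HEALTH_DIR.resolve() not in path.parents


def is_allowed(metric: str) -> bool:
    """Boolean wrapper around hardened_resolve for callers that only need a verdict."""
    try:
        hardened_resolve(metric)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    traversal = "../../../uploads/shell"
    leaked = vulnerable_resolve(traversal)
    print("vulnerable ->", leaked, "exists:", leaked.exists(), "escapes:", escapes_health_dir(leaked))
    for m in ("cpu", traversal, "memory/../cpu", "disk"):
        print(f"hardened {m!r} ->", "allowed" if is_allowed(m) else "rejected")
```

The allowlist does the real work; the realpath containment check is defence in depth for the case where the list is later loosened or built dynamically. Both belong in front of any include(), require() or file read that takes its path from a request.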

Observium is a low-maintenance auto-discovering network monitoring platform supporting a wide range of device types, platforms and operating systems including Cisco, Windows, Linux, HP, Juniper, Dell, FreeBSD, Brocade, Netscaler, NetApp and many more. Observium focuses on providing a beautiful and powerful yet simple and intuitive interface to the health and status of your network.

Professionally developed and maintained by a team of experienced network engineers and systems administrators, Observium is a platform designed and built by its users.

Observium Community is available free to everyone and receives updates and features twice annually.
Observium Professional adds priority access to daily updates and new features for a small yearly fee.

Confidentiality, integrity and availability are impacted.

The weakness was disclosed on 09/25/2020. The vulnerability has been identified as CVE-2020-25149 since 09/04/2020.

The attack may be initiated remotely. Technical details are known, but no public exploit is available.

No information about possible countermeasures is known. Replacing the affected product with an alternative may be considered.

