CVE-2023-40315

MEDIUM

OpenNMS Horizon Authenticated RCE

Title source: metasploit

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-40315. PoCs published by Erik Wynter, including Metasploit module exploits/linux/http/opennms_horizon_authenticated_rce.

AI-analyzed exploit summary This Metasploit module exploits CVE-2023-40315 and CVE-2023-0872 in OpenNMS Horizon to achieve authenticated RCE by leveraging privilege escalation via ROLE_FILESYSTEM_EDITOR or ROLE_REST privileges. It supports versions 32.0.1 and lower, with automatic privilege escalation if necessary.

Description

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLE_FILESYSTEM_EDITOR can easily escalate their privileges to ROLE_ADMIN or any other role. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Erik Wynter · rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/opennms_horizon_authenticated_rce.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2023-40315 and CVE-2023-0872 in OpenNMS Horizon to achieve authenticated RCE by leveraging privilege escalation via ROLE_FILESYSTEM_EDITOR or ROLE_REST privileges. It supports versions 32.0.1 and lower, with automatic privilege escalation if necessary.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: OpenNMS Horizon < 32.0.2

Auth required

Prerequisites: Valid credentials with ROLE_FILESYSTEM_EDITOR and either ROLE_ADMIN or ROLE_REST privileges · Network access to OpenNMS Horizon web interface

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Release Notes

https://docs.opennms.com/meridian/2023/releasenotes/changelog.html#releasenotes-changelog-Meridian-2023.1.5

Patch

https://github.com/OpenNMS/opennms/pull/6250

Scores

CVSS v3 5.3

EPSS 0.0455

EPSS Percentile 89.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-863

Status published

Products (3)

opennms/horizon 31.0.8 - 32.0.2

opennms/meridian 2023.0.0 - 2023.1.5

org.opennms/opennms-webapp-rest 31.0.8 - 32.0.2Maven

Published Aug 17, 2023

Tracked Since Feb 18, 2026