Test ID:	1.3.6.1.4.1.25623.1.0.106798
Category:	Web application abuses
Title:	Logrhythm Network Monitor Multiple Vulnerabilities
Summary:	Logrhythm Network Monitor is prone to multiple vulnerabilities.
Description:	Summary: Logrhythm Network Monitor is prone to multiple vulnerabilities. Vulnerability Insight: Logrhythm Network Monitor is prone to multiple vulnerabilities: - The application web interface uses JSON Web Tokens (JWT) to authenticate users and manage user sessions. However, the secret key used to sign the JWT tokens is static across multiple deployments of the software. This vulnerability can be exploited to forge arbitrary JWT tokens and bypass authentication to the LogRhythm Network Monitor web management interface. - Multiple command injection vulnerabilities exist in the application web management interface due to unescaped user-input used to dynamically construct system shell commands. These vulnerabilities can be exploited to run arbitrary commands in the context of the root user and fully compromise the LogRhythm Network Monitor host. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Copyright	Copyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.