Horizon Alert
Summary of the vulnerability and why it matters
This advisory addresses a vulnerability in FOSSBilling, a billing and client management system, where an unprotected API endpoint could allow unauthorized users to create new administrator accounts. This could lead to a complete takeover of the system by an attacker, regardless of whether administrator accounts already exist. The issue has been addressed in recent updates.
- Unprotected system access creates new admin accounts.
- Unauthorized admin creation leads to full system compromise.
- Confirm if FOSSBilling is used; if so, verify updates.
Attack Path
How an attacker could exploit the issue
An attacker can exploit this vulnerability by accessing a specific guest API endpoint, even without any prior authentication or administrator privileges. This endpoint, intended for initial setup, incorrectly allows the creation of a new administrator account due to a flaw in its security checks. Once a new administrator account is created, the attacker can immediately log in with full administrative access to the system.
- No authentication required.
- Guest API endpoint for staff creation.
- Full administrator access gained.
Live Threat
Current exploitation, exposure, and threat context
When supported by the advisory, an unauthenticated attacker could create a new administrator account and gain immediate, fully privileged access to the FOSSBilling system, regardless of whether an administrator already exists.
- Unauthorized administrator account creation.
- Exploiting an unprotected guest API endpoint.
- Complete system control and privileged access.
Operational Fix
Recommended remediation, mitigation, and detection steps
Real-world action should begin with identifying all instances of FOSSBilling, determining their exposure and business criticality, and confirming the accountable owner. This triage will inform the remediation strategy, which may involve coordinated updates, vendor engagement, or implementing temporary risk reductions while planning for system maintenance.
- Identify FOSSBilling instances and owners.
- Verify external reachability and business criticality.
- Plan risk-based remediation and updates.