9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.965 High
EPSS
Percentile
99.6%
Issue Overview:
A flaw was found in how Cacti grants authorization based on IP address which allows authentication bypass, and possibly arbitrary command execution if a poller_item configured with a POLLER_ACTION_SCRIPT_PHP action is present.
This updated cacti package adds a feature allowing an administrator to explicitly list headers suitable for use in client authentication. This option is not currently enabled by default in order to preserve compatibility but may be set by default in a future release. This is consistent with the latest upstream cacti releases (1.2.23 and 1.3.0). Additional details can be found here: https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf
To mitigate the authentication bypass, customers must set the new $proxy_headers configuration option in /etc/cacti/db.php appropriately for their environment, either to false or to an array of the headers Cacti should trust.
Additionally, customers are strongly recommended to:
1. Consider using user authentication via a reverse proxy front end such as httpd or nginx.
2. Configure the client-facing web server or reverse proxy to strip any trusted headers provided by untrusted sources, so they cannot reach the Cacti server and be used to bypass the authentication process.
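The following is an added illustration, not code from Cacti or from this advisory, of what the two $proxy_headers settings mean for an IP-based authorization check. The helper resolve_client_addr(), the header name X-Forwarded-For and the addresses in the constructed request are assumptions made for this example; Cacti's own implementation is not reproduced here.

```php
<?php
// Added example (not Cacti's code): how a $proxy_headers setting in
// /etc/cacti/db.php decides which address an IP-based authorization check
// may trust. resolve_client_addr() is a hypothetical helper written for this
// illustration and is not Cacti's own implementation.

/**
 * Return the client address to use for IP-based authorization.
 *
 * @param array       $server        $_SERVER-style request metadata
 * @param false|array $proxy_headers false: trust only REMOTE_ADDR;
 *                                   array: header names a trusted proxy sets
 */
function resolve_client_addr(array $server, $proxy_headers): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';

    // No trusted proxy configured: the TCP peer address is the only value a
    // client cannot supply itself, so no request header is consulted at all.
    if ($proxy_headers === false || !is_array($proxy_headers)) {
        return $peer;
    }

    foreach ($proxy_headers as $name) {
        // PHP exposes a header such as "X-Forwarded-For" as
        // $_SERVER['HTTP_X_FORWARDED_FOR'].
        $key = 'HTTP_' . strtoupper(str_replace('-', '_', $name));
        if (empty($server[$key])) {
            continue;
        }
        // Forwarding headers may hold a comma-separated chain; the left-most
        // entry is the originating client when each proxy appends its own hop.
        $candidate = trim(explode(',', $server[$key])[0]);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }

    // Trusted headers are configured but absent or malformed: use the peer.
    return $peer;
}

// Constructed request (assumed values): a client connecting directly to Cacti
// that also supplies its own forwarding header.
$request = [
    'REMOTE_ADDR'          => '203.0.113.10',
    'HTTP_X_FORWARDED_FOR' => '198.51.100.7',
];

// $proxy_headers = false: the header is ignored and authorization sees the
// real peer address (203.0.113.10). This is the safe setting whenever Cacti
// faces clients directly.
echo resolve_client_addr($request, false), PHP_EOL;

// $proxy_headers = ['X-Forwarded-For']: the header is honoured, so the
// resolved address comes from the request. This setting is only correct when
// a reverse proxy in front of Cacti overwrites that header on every request,
// which is why the advisory's second recommendation matters.
echo resolve_client_addr($request, ['X-Forwarded-For']), PHP_EOL;
```

The second call shows why listing a header is only as strong as the proxy in front of Cacti: if any path lets a client reach the server with that header intact, the address used for authorization is chosen by the client. Setting $proxy_headers to false, or listing a header only when the reverse proxy unconditionally replaces it, keeps the check anchored to an address the client cannot choose.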
Affected Packages:
cacti
Issue Correction:
Run yum update cacti to update your system.
New Packages:
noarch:
cacti-1.1.19-2.20.amzn1.noarch
src:
cacti-1.1.19-2.20.amzn1.src
Red Hat: CVE-2022-46169
Mitre: CVE-2022-46169
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | noarch | cacti | < 1.1.19-2.20.amzn1 | cacti-1.1.19-2.20.amzn1.noarch.rpm |