Lucene search

[email protected]CVE-2017-16660

HistoryOct 03, 2022 - 4:23 p.m.

CVE-2017-16660

2022-10-0316:23:23

CWE-668

[email protected]

web.nvd.nist.gov

cacti

remote code execution

cve-2017-16660

nvd

log path manipulation

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.1%

JSON

Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.

Affected configurations

NVD

Node

cacticactiMatch1.1.27

CPENameOperatorVersion
cacti:cacticactieq1.1.27

CPE	Name	Operator	Version
cacti:cacti	cacti	eq	1.1.27

References

github.com/Cacti/cacti/issues/1066

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.1%

JSON

Related for CVE-2017-16660

cvelist1 prion1 osv1 nvd1 ubuntucve1 debiancve1 openvas6 freebsd1 fedora3 nessus5 archlinux1 suse1