CVE-2023-49088
Source: Debian Security Bug Tracker (security-tracker.debian.org)
Date: 2023-12-22 17:15:08
Tags: cacti, xss attack, data_debug.php, unauthorized access

CVSS3: 6.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

AI Score: 6.3 (Confidence: High)
EPSS: 0.001 (Percentile: 49.3%)

Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete: it still allows an adversary to have a victim's browser execute malicious code when the victim hovers their mouse over the malicious data source path in data_debug.php. To perform the cross-site scripting attack, the adversary needs to be an authorized Cacti user with the following permissions: General Administration>Sites/Devices/Data. The victim of this attack could be any account with permissions to view http://<HOST>/cacti/data_debug.php. As of the time of publication, no complete fix has been included in Cacti.