CVE-2024-31459

2024-05-1415:25:26

Debian Security Bug Tracker

security-tracker.debian.org

cacti

version 1.2.27

file inclusion

sql injection

remote code execution

operational monitoring

fault management

patch

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

8.9 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the lib/plugin.php file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the api_plugin_hook() function in the lib/plugin.php file, which reads the plugin_hooks and plugin_config tables in database. The read data is directly used to concatenate the file path which is used for file inclusion. Version 1.2.27 contains a patch for the issue.

OSVersionArchitecturePackageVersionFilename
Debian12allcacti<= 1.2.24+ds1-1+deb12u1cacti_1.2.24+ds1-1+deb12u1_all.deb
Debian11allcacti<= 1.2.16+ds1-2+deb11u2cacti_1.2.16+ds1-2+deb11u2_all.deb
Debian10allcacti<= 1.2.2+ds1-2+deb10u4cacti_1.2.2+ds1-2+deb10u4_all.deb
Debian999allcacti< 1.2.27+ds1-1cacti_1.2.27+ds1-1_all.deb
Debian13allcacti< 1.2.27+ds1-1cacti_1.2.27+ds1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	cacti	<= 1.2.24+ds1-1+deb12u1	cacti_1.2.24+ds1-1+deb12u1_all.deb
Debian	11	all	cacti	<= 1.2.16+ds1-2+deb11u2	cacti_1.2.16+ds1-2+deb11u2_all.deb
Debian	10	all	cacti	<= 1.2.2+ds1-2+deb10u4	cacti_1.2.2+ds1-2+deb10u4_all.deb
Debian	999	all	cacti	< 1.2.27+ds1-1	cacti_1.2.27+ds1-1_all.deb
Debian	13	all	cacti	< 1.2.27+ds1-1	cacti_1.2.27+ds1-1_all.deb