7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.023 Low
EPSS
Percentile
89.5%
Cacti is a complete network graphing solution designed to harness the power of RRDTool’s data storage and graphing functionality.
Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details.
A remote attacker could execute arbitrary SQL commands via specially crafted parameters, execute arbitrary shell code or inject malicious script code.
There is no known workaround at this time.
All Cacti users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/cacti-0.8.8b"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | net-analyzer/cacti | < 0.8.8b | UNKNOWN |