CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 0.005 Low
Percentile: 72.5%
Affected system:
Cacti Cacti 0.8.8b
Cacti Cacti 0.8.7f
Description:
BUGTRAQ ID: 66392
CVE(CAN) ID: CVE-2014-2327
Cacti is a graphing tool built on the round-robin database tool (RRDtool); it creates graphs from the information stored in the database. There are versions for multiple Linux distributions.
Cacti 0.8.8b and earlier versions contain a cross-site request forgery (CSRF) vulnerability in their implementation. By exploiting it, a remote attacker can hijack a user's authentication to send requests that modify binary files, modify the configuration, or add arbitrary users.
Source: Deutsche Telekom CERT
Link: <http://secunia.com/advisories/57647>
Recommendations:
Vendor patch:
The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's site:
<http://bugs.cacti.net/view.php?id=2431>
<http://bugs.cacti.net/view.php?id=2405>
<http://www.mail-archive.com/[email protected]/msg1209356.html>
<http://www.securityfocus.com/archive/1/531588>