CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
70.5%
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6969-1 advisory.
It was discovered that Cacti did not properly apply checks to the Package Import feature. An attacker could possibly use this issue to perform arbitrary code execution. This issue only affected Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-25641)
It was discovered that Cacti did not properly sanitize values when using javascript based API. A remote attacker could possibly use this issue to inject arbitrary javascript code resulting into cross-site scripting vulnerability. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-29894)
It was discovered that Cacti did not properly sanitize values when managing data queries. A remote attacker could possibly use this issue to inject arbitrary javascript code resulting into cross-site scripting vulnerability. (CVE-2024-31443)
It was discovered that Cacti did not properly sanitize values when reading tree rules with Automation API.
A remote attacker could possibly use this issue to inject arbitrary javascript code resulting into cross- site scripting vulnerability. (CVE-2024-31444)
It was discovered that Cacti did not properly sanitize get_request_var('filter') values in the api_automation.php file. A remote attacker could possibly use this issue to perform SQL injection attacks. This issue only affected Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-31445)
It was discovered that Cacti did not properly sanitize data stored in form_save() function in the graph_template_inputs.php file. A remote attacker could possibly use this issue to perform SQL injection attacks. (CVE-2024-31458)
It was discovered that Cacti did not properly validate the file urls from the lib/plugin.php file. An attacker could possibly use this issue to perform arbitrary code execution. (CVE-2024-31459)
It was discovered that Cacti did not properly validate the data stored in the automation_tree_rules.php.
A remote attacker could possibly use this issue to perform SQL injection attacks. This issue only affected Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-31460)
It was discovered that Cacti did not properly verify the user password. An attacker could possibly use this issue to bypass authentication mechanism. This issue only affected Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-34360)
Tenable has extracted the preceding description block directly from the Ubuntu security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-6969-1. The text
# itself is copyright (C) Canonical, Inc. See
# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
##
include('compat.inc');
if (description)
{
script_id(206024);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/08/27");
script_cve_id(
"CVE-2024-25641",
"CVE-2024-29894",
"CVE-2024-31443",
"CVE-2024-31444",
"CVE-2024-31445",
"CVE-2024-31458",
"CVE-2024-31459",
"CVE-2024-31460",
"CVE-2024-34340"
);
script_xref(name:"USN", value:"6969-1");
script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Cacti vulnerabilities (USN-6969-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote Ubuntu host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed
that is affected by multiple vulnerabilities as referenced in the USN-6969-1 advisory.
It was discovered that Cacti did not properly apply checks to the Package Import feature. An attacker
could possibly use this issue to perform arbitrary code execution. This issue only affected Ubuntu 24.04
LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-25641)
It was discovered that Cacti did not properly sanitize values when using javascript based API. A remote
attacker could possibly use this issue to inject arbitrary javascript code resulting into cross-site
scripting vulnerability. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-29894)
It was discovered that Cacti did not properly sanitize values when managing data queries. A remote
attacker could possibly use this issue to inject arbitrary javascript code resulting into cross-site
scripting vulnerability. (CVE-2024-31443)
It was discovered that Cacti did not properly sanitize values when reading tree rules with Automation API.
A remote attacker could possibly use this issue to inject arbitrary javascript code resulting into cross-
site scripting vulnerability. (CVE-2024-31444)
It was discovered that Cacti did not properly sanitize get_request_var('filter') values in the
api_automation.php file. A remote attacker could possibly use this issue to perform SQL injection
attacks. This issue only affected Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS and Ubuntu 18.04
LTS. (CVE-2024-31445)
It was discovered that Cacti did not properly sanitize data stored in form_save() function in the
graph_template_inputs.php file. A remote attacker could possibly use this issue to perform SQL injection
attacks. (CVE-2024-31458)
It was discovered that Cacti did not properly validate the file urls from the lib/plugin.php file. An
attacker could possibly use this issue to perform arbitrary code execution. (CVE-2024-31459)
It was discovered that Cacti did not properly validate the data stored in the automation_tree_rules.php.
A remote attacker could possibly use this issue to perform SQL injection attacks. This issue only affected
Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-31460)
It was discovered that Cacti did not properly verify the user password. An attacker could possibly use
this issue to bypass authentication mechanism. This issue only affected Ubuntu 24.04 LTS, Ubuntu 22.04
LTS, Ubuntu 20.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-34360)
Tenable has extracted the preceding description block directly from the Ubuntu security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/notices/USN-6969-1");
script_set_attribute(attribute:"solution", value:
"Update the affected cacti package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-34340");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Cacti Import Packages RCE');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/05/13");
script_set_attribute(attribute:"patch_publication_date", value:"2024/08/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/08/21");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:20.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:22.04:-:lts");
script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:24.04:-:lts");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cacti");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Ubuntu Local Security Checks");
script_copyright(english:"Ubuntu Security Notice (C) 2024 Canonical, Inc. / NASL script (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "ubuntu_pro_sub_detect.nasl");
script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
exit(0);
}
include('debian_package.inc');
if ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Ubuntu/release');
if ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');
os_release = chomp(os_release);
if (! ('14.04' >< os_release || '16.04' >< os_release || '18.04' >< os_release || '20.04' >< os_release || '22.04' >< os_release || '24.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04 / 16.04 / 18.04 / 20.04 / 22.04 / 24.04', 'Ubuntu ' + os_release);
if ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);
var ubuntu_pro_detected = get_kb_item('Host/Ubuntu/Pro/Services/esm-apps');
ubuntu_pro_detected = !empty_or_null(ubuntu_pro_detected);
var pro_caveat_needed = FALSE;
var pkgs = [
{'osver': '14.04', 'pkgname': 'cacti', 'pkgver': '0.8.8b+dfsg-5ubuntu0.2+esm2', 'ubuntu_pro': TRUE},
{'osver': '16.04', 'pkgname': 'cacti', 'pkgver': '0.8.8f+ds1-4ubuntu4.16.04.2+esm2', 'ubuntu_pro': TRUE},
{'osver': '18.04', 'pkgname': 'cacti', 'pkgver': '1.1.38+ds1-1ubuntu0.1~esm3', 'ubuntu_pro': TRUE},
{'osver': '20.04', 'pkgname': 'cacti', 'pkgver': '1.2.10+ds1-1ubuntu1.1', 'ubuntu_pro': FALSE},
{'osver': '22.04', 'pkgname': 'cacti', 'pkgver': '1.2.19+ds1-2ubuntu1.1', 'ubuntu_pro': FALSE},
{'osver': '24.04', 'pkgname': 'cacti', 'pkgver': '1.2.26+ds1-1ubuntu0.1', 'ubuntu_pro': FALSE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var osver = NULL;
var pkgname = NULL;
var pkgver = NULL;
if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];
if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];
if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];
var pro_required = NULL;
if (!empty_or_null(package_array['ubuntu_pro'])) pro_required = package_array['ubuntu_pro'];
if (osver && pkgname && pkgver) {
if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) {
flag++;
if (!ubuntu_pro_detected && !pro_caveat_needed) pro_caveat_needed = pro_required;
}
}
}
if (flag)
{
var extra = '';
if (pro_caveat_needed) {
extra += 'NOTE: This vulnerability check contains fixes that apply to packages only \n';
extra += 'available in Ubuntu ESM repositories. Access to these package security updates \n';
extra += 'require an Ubuntu Pro subscription.\n\n';
}
extra += ubuntu_report_get();
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
exit(0);
}
else
{
var tested = ubuntu_pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cacti');
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25641
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29894
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31443
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31444
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31445
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31458
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31459
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31460
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34340
ubuntu.com/security/notices/USN-6969-1
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
70.5%