9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Thanks to community contributor Erik Wynter, Metasploit Framework now has an exploit module for an unauthenticated command injection vulnerability in the Cacti network-monitoring software. The vulnerability is due to a proc_open()
call that accepts unsanitized user input in remote_agent.php
. Provided that the target server has data that’s tied to the POLLER_ACTION_SCRIPT_PHP
action, the vulnerable proc_open()
call can be reached with a single GET request. Successful exploitation will result in a session as the user running the Cacti server.
The latest release includes some improvements to Python Meterpreter which gets the payload a little closer to feature parity with Windows Meterpreter. For Windows Python Meterpreter, NtAlexio2 added the enumdesktops
command, which like with Windows Meterpreter, enumerates all of the accessible desktops it can find. Our very own zeroSteiner added dual stack IPv4 / IPv6 TCP support for Python Meterpreter. Working across both Windows and Linux, this improvement enables Python Meterpreter to listen on all interfaces it can listen on, including ones that have IPv6 addresses.
Authors: Erik Wynter, Owen Gong, Stefan Schiller, and Steven Seeley
Type: Exploit
Pull request: #17407 contributed by ErikWynter
AttackerKB reference: CVE-2022-46169
Description: This adds an exploit that targets various versions of Cacti network-monitoring software. For versions 1.2.22
and below, there exists an unauthenticated command injection vulnerability in remote_agent.php
that when exploited, will result in remote code execution as the user running the Cacti server.
SYSTEM
or delivered on demand through an exploit module such as psexec
.auxiliary/client/smtp/emailer
module.enumdesktops
command to Python Meterpreter, and also add support for binding to the specified localhost to compiled versions of Meterpreter.You can find the latest Metasploit documentation on our docsite at docs.metasploit.com.
As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:
If you are a git
user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).