CVSS3: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score: 9.5 High (Confidence: Low)
EPSS: 0.965 High (Percentile: 99.6%)

The maintainers of the Cacti open-source network monitoring and fault management framework have addressed a dozen security flaws, including two critical issues that could lead to the execution of arbitrary code.
The most severe of the vulnerabilities are listed below -
Also addressed by Cacti are two other high-severity flaws that could lead to code execution via SQL injection and file inclusion -
It’s worth noting that 10 of the 12 flaws, all except CVE-2024-29895 and CVE-2024-30268 (CVSS score: 6.1), impact all versions of Cacti up to and including 1.2.26. They have been addressed in version 1.2.27, released on May 13, 2024. The two other flaws affect development versions 1.3.x.
The development comes more than eight months after the disclosure of another critical SQL injection vulnerability (CVE-2023-39361, CVSS score: 9.8) that could permit an attacker to obtain elevated permissions and execute malicious code.
In early 2023, a third critical flaw tracked as CVE-2022-46169 (CVSS score: 9.8) came under active exploitation in the wild, allowing threat actors to breach internet-exposed Cacti servers to deliver botnet malware such as MooBot and ShellBot.
With proof-of-concept (PoC) exploits publicly available for these shortcomings (in the respective GitHub advisories), it’s recommended that users take steps to update their instances to the latest version as soon as possible to mitigate potential threats.