4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
0.093 Low
EPSS
Percentile
94.8%
Cacti is an open source operational monitoring and fault management
framework. There are two instances of insecure deserialization in Cacti
version 1.2.24. While a viable gadget chain exists in Cacti’s vendor
directory (phpseclib), the necessary gadgets are not included, making them
inaccessible and the insecure deserializations not exploitable. Each
instance of insecure deserialization is due to using the unserialize
function without sanitizing the user input. Cacti has a “safe”
deserialization that attempts to sanitize the content and check for
specific values before calling unserialize, but it isn’t used in these
instances. The vulnerable code lies in graphs_new.php, specifically within
the host_new_graphs_save function. This issue has been addressed in version
1.2.25. Users are advised to upgrade. There are no known workarounds for
this vulnerability.