
The maintainers of the Cacti open source network monitoring and fault management framework have addressed more than a dozen security vulnerabilities, including two critical issues that could lead to the execution of arbitrary code.
The most severe vulnerabilities are listed below:
- CVE-2024-25641 (CVSS Rating: 9.1) – An arbitrary file write vulnerability exists in the “Package Import” function, allowing authenticated users with “Import Template” permissions to execute arbitrary PHP code on the web server, resulting in remote code execution
- CVE-2024-29895 (CVSS Rating: 10.0) – When PHP’s “register_argc_argv” option is turned on, a command injection vulnerability allows any unauthenticated user to execute arbitrary commands on the server

The maintainers also addressed two additional high-severity flaws that could lead to code execution via SQL injection and file inclusion:
- CVE-2024-31445 (CVSS Rating: 8.8) – SQL injection vulnerability in api_automation.php allowing authenticated users to perform elevation of privileges and remote code execution
- CVE-2024-31459 (CVSS Rating: N/A) – A file inclusion issue in the “lib/plugin.php” file may be combined with a SQL injection vulnerability to lead to remote code execution
It is worth noting that 10 of the 12 flaws (all except CVE-2024-29895 and CVE-2024-30268, the latter with a CVSS score of 6.1) affect all versions of Cacti up to and including 1.2.26. These issues were resolved in version 1.2.27, released on May 13, 2024.

This development comes more than eight months after the disclosure of another critical SQL injection vulnerability (CVE-2023-39361, CVSS score: 9.8) that could allow an attacker to gain elevated privileges and execute malicious code.
In early 2023, a third critical flaw, tracked as CVE-2022-46169 (CVSS score: 9.8), was actively exploited in the wild, allowing threat actors to breach Internet-exposed Cacti servers and deliver botnet malware such as MooBot and ShellBot.
With proof-of-concept (PoC) exploits for these flaws publicly available (in the corresponding GitHub announcements), users are advised to update their instances to the latest version as soon as possible to mitigate potential threats.
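A triage check for the two conditions the article names, the 1.2.27 fix release and PHP's "register_argc_argv" option, as an added example that is not Cacti's own code. The function names and the sample php.ini text are constructed for illustration; the version string is assumed to be supplied by the operator.

```python
import re

FIXED = "1.2.27"  # release the article says resolves the issues

def version_key(v):
    """Turn '1.2.26' or a letter-suffixed '0.8.8h' into a sortable tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]?)", v.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    return (int(m[1]), int(m[2]), int(m[3]), m[4])

def argc_argv_setting(ini_text):
    """True/False for the last active register_argc_argv line, None if absent."""
    value = None
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        m = re.fullmatch(r'register_argc_argv\s*=\s*"?(\w+)"?', line, re.I)
        if m:
            value = m[1].lower() in ("1", "on", "true", "yes")
    return value

def triage(cacti_version, ini_text):
    """Return a list of findings for one host (empty list = nothing flagged)."""
    findings = []
    if version_key(cacti_version) < version_key(FIXED):
        findings.append(f"Cacti {cacti_version} predates {FIXED}: upgrade")
    setting = argc_argv_setting(ini_text)
    if setting is True:
        findings.append("register_argc_argv is On: precondition for "
                        "CVE-2024-29895 is present; set it to Off")
    elif setting is None:
        findings.append("register_argc_argv not set in this file: confirm "
                        "the effective value with phpinfo()")
    return findings

# Constructed sample input, not taken from a real server.
SAMPLE_INI = """\
[PHP]
; register_argc_argv = Off   (commented out, so ignored)
register_argc_argv = On
"""

if __name__ == "__main__":
    for finding in triage("1.2.26", SAMPLE_INI):
        print("-", finding)
```

The check reads only the php.ini text it is given; additional ini files loaded by the web server's PHP can override it, so the effective value should be confirmed on the running instance.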