The maintainers of the Cacti open source network monitoring and fault management framework have addressed more than a dozen security vulnerabilities, including two critical issues that could lead to the execution of arbitrary code.
The most severe vulnerabilities are listed below:
- CVE-2024-25641 (CVSS Rating: 9.1) – An arbitrary file write vulnerability exists in the “Package Import” function, allowing authenticated users with “Import Template” permissions to execute arbitrary PHP code on the web server, resulting in remote code execution
- CVE-2024-29895 (CVSS Rating: 10.0) – When PHP’s “register_argc_argv” option is turned on, a command injection vulnerability allows any unauthenticated user to execute arbitrary commands on the server
The maintainers also addressed two other high-severity flaws that could lead to code execution via SQL injection and file inclusion:
- CVE-2024-31445 (CVSS Rating: 8.8) – SQL injection vulnerability in api_automation.php allowing authenticated users to perform elevation of privileges and remote code execution
- CVE-2024-31459 (CVSS Rating: N/A) – A file inclusion issue in the “lib/plugin.php” file may be combined with a SQL injection vulnerability to lead to remote code execution
Ten of the 12 flaws (all except CVE-2024-29895 and CVE-2024-30268, the latter with a CVSS score of 6.1) affect all versions of Cacti, including 1.2.26 and earlier. These issues were resolved in version 1.2.27, released on May 13, 2024.
This development comes more than eight months after the disclosure of another critical SQL injection vulnerability (CVE-2023-39361, CVSS score: 9.8) that could allow an attacker to gain elevated privileges and execute malicious code.
In early 2023, a third critical flaw, tracked as CVE-2022-46169 (CVSS score: 9.8), was actively exploited in the wild, allowing threat actors to breach Internet-exposed Cacti servers and deliver botnet malware such as MooBot and ShellBot.
With proof-of-concept (PoC) exploits for these flaws publicly available (in corresponding GitHub announcements), users are advised to take steps to update their instances to the latest version as soon as possible to mitigate potential threats.
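A defender's triage check for the two conditions the article names, the 1.2.27 fix release and PHP's "register_argc_argv" setting. This is an added example, not code from Cacti or from the article; the function names and the sample php.ini text are constructed for illustration, and the installed version string is supplied by the caller.

```python
import re

FIXED = (1, 2, 27)                    # release the article names as the fix
TRUTHY = {"1", "on", "true", "yes"}   # values PHP's INI parser treats as enabled


def parse_version(text):
    """Turn '1.2.26' into (1, 2, 26); trailing non-digit suffixes are ignored."""
    parts = re.findall(r"\d+", text)[:3]
    if len(parts) != 3:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in parts)


def register_argc_argv_enabled(ini_text):
    """Effective register_argc_argv from php.ini text; the last assignment wins.

    Only the main php.ini text is inspected. Per-directory overrides
    (.user.ini, web server configuration) are outside this check.
    """
    enabled = True  # PHP's built-in default when no php.ini line sets it
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ';' comments
        m = re.fullmatch(r"register_argc_argv\s*=\s*(.*)", line)
        if m:
            enabled = m.group(1).strip().strip("\"'").lower() in TRUTHY
    return enabled


def triage(version, ini_text):
    """Summarise the two facts an operator needs before patching."""
    ver = parse_version(version)
    return {
        "version": ".".join(map(str, ver)),
        "needs_upgrade": ver < FIXED,
        "register_argc_argv": register_argc_argv_enabled(ini_text),
    }


# Constructed sample input, not taken from a real host.
SAMPLE_INI = """\
[PHP]
; register_argc_argv = On   (commented out, so it has no effect)
register_argc_argv = Off
max_execution_time = 30
register_argc_argv = On
"""

if __name__ == "__main__":
    print(triage("1.2.26", SAMPLE_INI))
```

An absent directive is reported as enabled because that is PHP's compiled-in default; the distributed php.ini templates set it to Off explicitly.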