Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user, can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server. The `lib/snmp.php` file has a set of functions, with similar behavior, that accept in input some variables and place them into an `exec` call without a proper escape or validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Configurations
History
18 Mar 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Nov 2023, 05:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Nov 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-78 | |
References |
|
20 Oct 2023, 19:53
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* |
|
CWE | CWE-77 | |
First Time |
Fedoraproject
Fedoraproject fedora |
|
References | (MISC) http://packetstormsecurity.com/files/175029/Cacti-1.2.24-Command-Injection.html - Exploit, Third Party Advisory, VDB Entry | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/ - Mailing List | |
References | (MISC) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/ - Mailing List |
13 Oct 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Oct 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Sep 2023, 23:59
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
References | (MISC) https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp - Exploit, Vendor Advisory | |
CPE | cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:* | |
First Time |
Cacti
Cacti cacti |
05 Sep 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-05 22:15
Updated : 2024-03-18 20:15
NVD link : CVE-2023-39362
Mitre link : CVE-2023-39362
CVE.ORG link : CVE-2023-39362
JSON object : View
Products Affected
cacti
- cacti
fedoraproject
- fedora