Cacti v1.2.22 - Remote Command Execution (RCE)

vendor:

Cacti

by:

Riadh BOUCHAHOUA

9.8

CVSS

CRITICAL

Remote Command Execution (RCE)

CWE

Product Name: Cacti

Affected Version From: 1.2.2x

Affected Version To: 1.2.22

Patch Exists: YES

Related CWE: CVE-2022-46169

CPE: a:cacti:cacti:1.2.22

Metasploit: https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2022-46169/, https://www.rapid7.com/db/vulnerabilities/debian-cve-2022-46169/, https://www.rapid7.com/db/modules/exploit/linux/http/cacti_unauthenticated_cmd_injection/, https://www.rapid7.com/db/vulnerabilities/amazon_linux-cve-2022-46169/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2022-46169/

Other Scripts: https://www.infosecmatter.com/why-your-exploit-completed-but-no-session-was-created-try-these-fixes/

Tags: cve,cve2022,auth-bypass,cacti,kev,rce,unauth

CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Nuclei References: https://security-tracker.debian.org/tracker/CVE-2022-46169, https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf, https://www.cybersecurity-help.cz/vdb/SB2022121926, https://nvd.nist.gov/vuln/detail/CVE-2022-46169, https://github.com/Cacti/cacti/commit/7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216

Nuclei Metadata: {'max-request': 1, 'shodan-query': 'title:"Login to Cacti"', 'verified': True, 'vendor': 'cacti', 'product': 'cacti'}

Platforms Tested: Debian 10/11

2022

Cacti v1.2.22 – Remote Command Execution (RCE)

Cacti is vulnerable to Remote Command Execution (RCE) due to improper input validation. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to execute arbitrary commands on the server.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should update to the latest version of Cacti.

Source

Cacti v1.2.22 – Remote Command Execution (RCE)

Mitigation:

Exploit-DB raw data: