Cacti Monitoring Tool Spiked by Critical SQL Injection Vulnerability

January 9, 2024 at 12:38PM

A critical vulnerability in Cacti’s web-based open source framework for monitoring network performance allows attackers to disclose its entire database. Exploiting this, along with a previously disclosed vulnerability, could lead to remote code execution. The severity of this issue is rated 8.8 out of 10. It’s not widespread but poses a significant threat to vulnerable systems.

Key takeaways are as follows:

1. Vulnerability in Cacti: The critical vulnerability, tracked as CVE-2023-51448, exists in Cacti version 1.2.25. It could allow an attacker to gain unauthorized access to Cacti’s entire database contents or trigger remote code execution (RCE). It has a severity rating of 8.8 on the CVSS 3.1 scale and requires an authenticated account with the “Settings/Utilities” privilege to exploit.

2. Exposure: Thousands of websites use Cacti to collect network performance information, making those deployments attractive to attackers looking for reconnaissance opportunities within an organization’s IT footprint.

3. Attack Vector: An attacker with access to an account with the required privileges can exploit the vulnerability with ease by sending a specially crafted HTTP GET request with an SQL injection payload to the endpoint ‘/managers.php’.

4. Potential Risk: The vulnerability poses a significant risk for organizations, particularly since Shodan search listed more than 4,000 potentially vulnerable Cacti hosts.

5. Previous Vulnerabilities: This is not the first vulnerability reported in Cacti, as there have been several others over the past year, such as CVE-2022-46169 and CVE-2023-39362.
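As an added defender-side example (not from the article or from the Cacti project), the following Python scan flags requests to the managers.php endpoint whose query values carry generic SQL-injection indicators, the kind of check a SOC could run over web-server access logs while patching is pending. The log lines, addresses, usernames and parameter names are constructed, and the indicator patterns are general SQL-injection syntax rather than anything specific to this CVE.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache/nginx "combined"-style format; no real hosts or traffic.
SAMPLE_LOG = """\
203.0.113.5 - admin [09/Jan/2024:12:38:01 +0000] "GET /cacti/managers.php?action=edit&id=1 HTTP/1.1" 200 5120
203.0.113.7 - admin [09/Jan/2024:12:38:07 +0000] "GET /cacti/managers.php?action=edit&id=1%27%20UNION%20SELECT%201%2C2--%20 HTTP/1.1" 200 9800
203.0.113.9 - user1 [09/Jan/2024:12:38:09 +0000] "GET /cacti/graph_view.php?action=tree&id=1%27 HTTP/1.1" 200 4100
"""

# Fields of a combined-format line; the request target is captured before URL decoding.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Generic SQL-injection indicators, checked against each URL-decoded query value.
SQLI_INDICATORS = {
    "quote_then_logic": re.compile(r"'\s*(or|and)\b", re.I),
    "union_select": re.compile(r"\bunion\b(\s+all)?\s+select\b", re.I),
    "sql_comment": re.compile(r"(--\s|/\*)"),
    "time_based": re.compile(r"\b(sleep|benchmark)\s*\(", re.I),
}


def find_suspicious_requests(log_text, endpoint="managers.php"):
    """Return one record per request to `endpoint` whose query string matches an indicator."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/" + endpoint):
            continue
        # parse_qsl percent-decodes values, so encoded quotes and spaces are visible to the regexes.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            for label, pattern in SQLI_INDICATORS.items():
                if pattern.search(value):
                    hits.append({"ip": m.group("ip"), "user": m.group("user"), "param": name,
                                 "indicator": label, "status": m.group("status")})
                    break  # one record per parameter is enough for triage
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Because the endpoint requires an authenticated account, the captured username is worth correlating with the "Settings/Utilities" permission in Cacti so that a hit on a privileged account is escalated first.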

This information should be shared with the relevant teams within the organization for further action and awareness.
