Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code

Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code

May 14, 2024 at 08:30AM

Cacti network monitoring framework has addressed a dozen security flaws, including critical vulnerabilities like arbitrary code execution via file write and command injection. These flaws impact all versions prior to 1.2.26 and have been fixed in version 1.2.27. Users are advised to update to the latest version promptly to mitigate threats.

Summary of Meeting Notes:

– Cacti open-source network monitoring framework has addressed a dozen security flaws, including two critical issues:
1. CVE-2024-25641: An arbitrary file write vulnerability in the “Package Import” feature allowing authenticated users to execute arbitrary PHP code (CVSS score: 9.1).
2. CVE-2024-29895: A command injection vulnerability allowing unauthenticated users to execute arbitrary commands on the server (CVSS score: 10.0).

– Two other high-severity flaws have been addressed affecting Cacti:
1. CVE-2024-31445: An SQL injection vulnerability in api_automation.php allowing authenticated users to perform privilege escalation and remote code execution (CVSS score: 8.8).
2. CVE-2024-31459: A file inclusion issue in the “lib/plugin.php” file that could be combined with SQL injection to result in remote code execution.

– Majority of the flaws impact all versions of Cacti, except for two, and have been addressed in version 1.2.27 released on May 13, 2024.

– Previous critical vulnerabilities (CVE-2023-39361 and CVE-2022-46169) were disclosed, with PoC exploits publicly available. It is recommended for users to update their instances to the latest version to mitigate potential threats.

Please let me know if you need any further details or if there are specific action items to be highlighted from these meeting notes.

Full Article