The Cyber Security News

Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code

May 14, 2024

The maintainers of the Cacti open-source network monitoring and fault management framework have addressed a dozen security flaws, including two critical issues that could lead to the execution of arbitrary code.

The most severe of the vulnerabilities are listed below –

  • CVE-2024-25641 (CVSS score: 9.1) – An arbitrary file write vulnerability in the “Package Import” feature that allows authenticated users holding the “Import Templates” permission to execute arbitrary PHP code on the web server, resulting in remote code execution
  • CVE-2024-29895 (CVSS score: 10.0) – A command injection vulnerability that allows any unauthenticated user to execute arbitrary commands on the server when the “register_argc_argv” option of PHP is On

Also addressed by Cacti are two other high-severity flaws that could lead to code execution via SQL injection and file inclusion –

  • CVE-2024-31445 (CVSS score: 8.8) – An SQL injection vulnerability in api_automation.php that allows authenticated users to perform privilege escalation and remote code execution
  • CVE-2024-31459 (CVSS score: N/A) – A file inclusion issue in the “lib/plugin.php” file that could be combined with SQL injection vulnerabilities to result in remote code execution

It is worth noting that 10 of the 12 flaws, all except CVE-2024-29895 and CVE-2024-30268 (CVSS score: 6.1), affect all versions of Cacti up to and including 1.2.26. They have been addressed in version 1.2.27, released on May 13, 2024. The two other flaws affect the development versions 1.3.x.
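As an added triage helper (not part of this article or of the Cacti project), the following Python encodes the version and configuration conditions stated above: the release-branch flaws apply to installations below 1.2.27, the two remaining flaws apply to the 1.3.x development branch, and CVE-2024-29895 additionally depends on PHP's register_argc_argv being On. The CVE lists are limited to the identifiers named in the article; the function and constant names are this example's own.

```python
"""Constructed triage helper for the Cacti advisories described in the article."""
import re
from typing import List, Optional, Tuple

# Conditions as stated in the article (hypothetical helper, not Cacti project code):
# release-branch flaws affect Cacti <= 1.2.26 and are fixed in 1.2.27;
# CVE-2024-29895 and CVE-2024-30268 affect the 1.3.x development versions, and
# CVE-2024-29895 is only reachable when PHP's register_argc_argv option is On.
FIXED_RELEASE = (1, 2, 27)
RELEASE_BRANCH_CVES = ["CVE-2024-25641", "CVE-2024-31445", "CVE-2024-31459"]
DEV_BRANCH_CVES = ["CVE-2024-30268"]
ARGV_DEPENDENT_CVE = "CVE-2024-29895"


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn a Cacti version string such as '1.2.26' into a comparable tuple."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Cacti version: {version!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def register_argc_argv_enabled(php_ini: str) -> Optional[bool]:
    """Read the register_argc_argv directive from php.ini text.

    Returns True/False for an explicit setting, or None when the directive is
    absent (the SAPI default then applies and must be checked by hand).
    A later assignment overrides an earlier one, as PHP itself does.
    """
    result = None
    for raw in php_ini.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment in php.ini
        m = re.match(r"^register_argc_argv\s*=\s*(.*)$", line, re.IGNORECASE)
        if m:
            value = m.group(1).strip().strip('"').lower()
            result = value in ("on", "1", "true", "yes")
    return result


def assess(cacti_version: str, php_ini: str) -> List[str]:
    """Return the article's CVEs that apply to this version and configuration."""
    version = parse_version(cacti_version)
    if version[:2] == (1, 3):  # development branch
        affected = list(DEV_BRANCH_CVES)
        # Treat an unknown setting as exposed: a defender should verify it.
        if register_argc_argv_enabled(php_ini) is not False:
            affected.append(ARGV_DEPENDENT_CVE)
        return affected
    if version < FIXED_RELEASE:
        return list(RELEASE_BRANCH_CVES)
    return []
```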

The development comes more than eight months after the disclosure of another critical SQL injection vulnerability (CVE-2023-39361, CVSS score: 9.8) that could allow an attacker to obtain elevated permissions and execute malicious code.

In early 2023, a third critical flaw tracked as CVE-2022-46169 (CVSS score: 9.8) came under active exploitation in the wild, allowing threat actors to breach internet-exposed Cacti servers to deliver botnet malware such as MooBot and ShellBot.

With proof-of-concept (PoC) exploits publicly available for these shortcomings (in the respective GitHub advisories), users are advised to update their instances to the latest version as soon as possible to mitigate potential threats.

Some sections of this article are sourced from:
thehackernews.com
