March 23, 2023

The open-source platform Cacti has been affected by a critical vulnerability that is been exposed in the wild.

Cacti provides a robust and extensible operational monitoring and fault management framework for users. Researchers discovered that the majority of internet-exposed Cacti servers are vulnerable to the critical flaw tracked as CVE-2022-46169.

A command injection vulnerability exists that can be exploited by an unauthenticated user to execute arbitrary code on a server running Cacti if a specific data source was selected for any monitored device. The flaw resides in the remote_agent.php file that can be accessed by any unauthenticated user. The vulnerability affects versions 1.2.22 and below.

Advertisements

Most of the Cacti servers are running outdated versions, with only 26 servers running a patched version of Cacti (1.2.23 and 1.3.0) and most hosts running Cacti are in Brazil (20.54%), followed by Indonesia (12.37%) and the United States (3.95%).

Researchers reported that threat actors have been actively exploiting the issue since January 3rd, 2023. In some attacks, attackers triggered the issue of deploying malware on vulnerable hosts.

Researchers provided details about the issue and published a video PoC demonstrating the exploitation of a server running a vulnerable version of Cacti:

Tags:

Leave a Reply

You may have missed

Microsoft Snipping Tool Vulnerability

Microsoft Snipping Tool Vulnerability

March 23, 2023
Google Cloud Armor Advanced DDoS Protection

Google Cloud Armor Advanced DDoS Protection

March 22, 2023
BreachForums Curtains Down

BreachForums Curtains Down

March 22, 2023
Google blocks Pinduoduo App amid Security Concerns

Google blocks Pinduoduo App amid Security Concerns

March 22, 2023
Mandiant Report – Nation State Zero Day Exploits in 2022

Mandiant Report – Nation State Zero Day Exploits in 2022

March 22, 2023
Mispadu Banking Trojan

Mispadu Banking Trojan

March 22, 2023
%d bloggers like this: