Critical Cacti Vulnerabilities Addressed in Latest Update
Cacti is a popular open-source platform for monitoring network health and performance. Several vulnerabilities were discovered in Cacti, which have been patched in the latest version 1.2.27. This update is crucial for users relying on Cacti for network performance tracking and issue resolution.
Overview of Cacti Vulnerabilities
Cacti developers fixed 12 security issues, including two highly severe ones (CVE-2024-25641 & CVE-2024-29895). These vulnerabilities could grant attackers remote code execution, giving them complete control over affected systems.
CVE-2024-25641 (CVSS score: 9.1): This is an arbitrary file write flaw in the “Package Import” feature. It allows authenticated users with the “Import Templates” permission to write files containing malicious PHP code to arbitrary locations on the server. By exploiting this flaw, attackers can achieve remote code execution and take control of the server.
CVE-2024-29895 (CVSS score: 10.0): This command injection vulnerability allows any unauthenticated user to execute arbitrary commands on the server if the “register_argc_argv” option in PHP is “On”.
Cacti has also addressed two other high-severity vulnerabilities that could lead to code execution:
CVE-2024-31445 (CVSS score: 8.8): This SQL injection vulnerability exists in the api_automation.php file. It enables authenticated users to escalate their privileges and execute code remotely. By manipulating SQL queries, an attacker can gain unauthorized access and potentially control the system.
CVE-2024-31459 (CVSS score: N/A): This file inclusion issue in the lib/plugin.php file can be exploited in combination with SQL injection vulnerabilities to achieve remote code execution. File inclusion flaws of this kind arise when a file path taken from external sources or user input is included without proper validation. Attackers can access sensitive information, execute arbitrary code, or compromise the server.
Don’t Wait, Update Now
Out of the twelve addressed vulnerabilities, ten impacted all versions of Cacti before 1.2.27. The latest stable version, 1.2.27, released on May 13, 2024, addresses all these vulnerabilities. The remaining two flaws (CVE-2024-29895 and CVE-2024-30268) impact development version 1.3.x.
Given the availability of proof-of-concept (PoC) exploits for these vulnerabilities, it is highly recommended that users immediately update their Cacti instances to the latest version (1.2.27). Keeping Cacti updated is essential to mitigate security risks and ensure robust network monitoring and management.
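The two actions the article asks for, updating to 1.2.27 and checking the PHP register_argc_argv setting that the CVE-2024-29895 entry above names as a precondition, can be scripted so an administrator can audit an install quickly. The script below is an added example written for this page, not code from the article or from the Cacti project. It assumes Cacti keeps its version string in include/cacti_version under the web root and that PHP is configured through a standard php.ini; the sample version file and the weak and corrected php.ini it writes to a temporary directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the article or from the Cacti project.
# Two defender-side checks for the situation the article describes:
#   1. is the installed Cacti older than 1.2.27, the release that fixed the flaws?
#   2. is register_argc_argv effectively On in the php.ini serving Cacti, the
#      precondition the article names for CVE-2024-29895?
# Assumptions: Cacti stores its version in include/cacti_version (one line
# under the web root) and php.ini uses "directive = value" with ';' comments.

FIXED_VERSION="1.2.27"

# version_lt A B: succeeds (exit 0) when version A sorts strictly before B.
# Components are compared numerically so that 1.2.9 < 1.2.27; non-digits such
# as a "-dev" suffix are dropped from a component before comparing.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            gsub(/[^0-9]/, "", x[i]); gsub(/[^0-9]/, "", y[i])
            xi = x[i] + 0; yi = y[i] + 0      # missing components count as 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1                                 # equal versions are not "less than"
    }'
}

# php_argc_argv_enabled: reads a php.ini on stdin and succeeds when the
# effective register_argc_argv value is on. Commented-out lines are ignored,
# the last directive wins (as in PHP), and a missing directive counts as
# enabled because PHP's compiled-in default for this setting is On.
php_argc_argv_enabled() {
    val=$(grep -i '^[[:space:]]*register_argc_argv[[:space:]]*=' \
          | tail -n 1 | sed -e 's/^[^=]*=//' -e 's/;.*//' \
          | tr -d '[:space:]"' | tr 'A-Z' 'a-z')
    case "$val" in
        ""|on|1|true|yes) return 0 ;;
        *)                return 1 ;;
    esac
}

# cacti_check ROOT INI: reports on the Cacti tree at ROOT and the php.ini at
# INI; exit status 0 only when neither check needs attention.
cacti_check() {
    root=$1; ini=$2; rc=0
    ver=$(head -n 1 "$root/include/cacti_version" 2>/dev/null | tr -d '[:space:]')
    if [ -z "$ver" ]; then
        echo "no include/cacti_version under $root"; rc=1
    elif version_lt "$ver" "$FIXED_VERSION"; then
        echo "Cacti $ver is older than $FIXED_VERSION: update"; rc=1
    else
        echo "Cacti $ver is at or above $FIXED_VERSION"
    fi
    if php_argc_argv_enabled < "$ini"; then
        echo "register_argc_argv is effectively On in $ini: set it to Off"; rc=1
    else
        echo "register_argc_argv is Off in $ini"
    fi
    return $rc
}

# Constructed sample input so the script runs offline: a pre-fix Cacti tree,
# a php.ini with the weak setting, and the corrected php.ini beside it.
demo=$(mktemp -d)
mkdir -p "$demo/include"
printf '1.2.26\n' > "$demo/include/cacti_version"
printf 'memory_limit = 128M\nregister_argc_argv = On\n'  > "$demo/php-weak.ini"
printf 'memory_limit = 128M\nregister_argc_argv = Off\n' > "$demo/php-fixed.ini"
cacti_check "$demo" "$demo/php-weak.ini"  || echo "--> action needed"
cacti_check "$demo" "$demo/php-fixed.ini" || echo "--> action needed"
rm -rf "$demo"
```

Against a real install, call cacti_check with the web root and the php.ini that php --ini reports as loaded for the SAPI serving Cacti, and confirm the effective value with php -i (look for the register_argc_argv line), since a directive absent from php.ini falls back to PHP's compiled-in default of On. The version check only covers the ten flaws that affect releases before 1.2.27; the two issues the article places in the 1.3.x development branch are not detected by comparing against 1.2.27.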
The sources for this article include a story from TheHackerNews.