
Debian Security Updates Patch Cacti Vulnerabilities

Rohan Timalsina

April 11, 2024 - TuxCare expert team

Multiple security vulnerabilities were discovered in Cacti, a widely used web interface for monitoring system graphs. If exploited, they could enable cross-site scripting (XSS), SQL injection, or command injection attacks. In response, the Debian security team has released security updates that address these vulnerabilities in the Debian 11 “Bullseye” and Debian 12 “Bookworm” releases.

Let’s delve into the specifics of these vulnerabilities and the corresponding fixes:


Cacti Vulnerabilities Fixed in Debian 11 and Debian 12



This is a stored cross-site scripting (XSS) vulnerability that lets authenticated users manipulate stored data. By bypassing certain validations and abusing the returnto parameter in graphs_new.php, an attacker can poison that data and compromise the integrity of the system.



Another XSS vulnerability, this time in data stored in the Cacti database: by injecting malicious code into data-query templates, an attacker can have JavaScript executed in a victim’s browser, which poses a significant threat to system security.



This vulnerability exposes Cacti to SQL injection attacks because include file paths are insufficiently processed. Authorized users could exploit it through link.php, potentially leading to the execution of arbitrary code on the server.



In versions prior to 1.2.25, an SQL injection vulnerability in pollers.php allows authorized users to execute arbitrary SQL statements, which poses a serious risk to data integrity.



A bypass of an earlier fix (CVE-2023-39360) allows attackers to mount a DOM-based XSS attack via graphs_new.php and execute arbitrary JavaScript code in the victim’s browser.



Despite an attempted fix for CVE-2023-39515, the patch shipped in version 1.2.25 is incomplete and still allows adversaries to execute malicious code via data_debug.php, which threatens users with specific permissions.



This vulnerability enables reflected XSS attacks via templates_import.php, potentially allowing attackers to impersonate users and perform unauthorized actions.



A reflected cross-site scripting (XSS) vulnerability in Cacti v1.2.25 allows remote attackers to escalate privileges when an XML template file is uploaded via templates_import.php.
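The entries above name three recurring input-handling classes: a free-form "return to" page parameter, a value echoed back into HTML, and a value used in an SQL query. The following is an added illustration of the vulnerable pattern beside its hardened form for each class. It is written for this write-up, not taken from Cacti (which is PHP); the page names in the allow-list, the poller table and the test values are constructed assumptions.

```python
"""Hardened versus vulnerable handling for the three input classes the advisory
lists: a free-form return-target parameter, a value echoed back into HTML, and a
value used in an SQL query. Constructed illustration for this write-up; Cacti is
PHP and none of this is Cacti's code."""
import html
import sqlite3
from urllib.parse import urlsplit

# Pages a "return to" parameter may legitimately name (hypothetical allow-list).
ALLOWED_RETURN_PAGES = {"graphs.php", "graphs_new.php", "host.php"}


def safe_return_target(returnto, default="graphs.php"):
    """Accept a return target only if it is a bare, known page name.
    Anything with a scheme, host, query or fragment falls back to the default,
    so the value can be neither an external redirect nor script content."""
    parts = urlsplit(returnto or "")
    if parts.scheme or parts.netloc or parts.query or parts.fragment:
        return default
    return parts.path if parts.path in ALLOWED_RETURN_PAGES else default


def render_import_unsafe(filename):
    # Vulnerable pattern: the uploaded file name is echoed into HTML as-is.
    return f"<p>Imported template {filename}</p>"


def render_import_safe(filename):
    # Hardened pattern: HTML-encode for the element-content context;
    # quote=True also covers attribute-value contexts.
    return f"<p>Imported template {html.escape(filename, quote=True)}</p>"


def demo_db():
    # Constructed in-memory table standing in for a poller table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE poller (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO poller (name) VALUES (?)", [("main",), ("remote-a",)])
    return conn


def find_poller_unsafe(conn, name):
    # Vulnerable pattern: the value is spliced into the SQL text, so a quote
    # character in it changes the structure of the query.
    return conn.execute(f"SELECT id, name FROM poller WHERE name = '{name}'").fetchall()


def find_poller_safe(conn, name):
    # Hardened pattern: the value is bound as a parameter and can only be data.
    return conn.execute("SELECT id, name FROM poller WHERE name = ?", (name,)).fetchall()


if __name__ == "__main__":
    conn = demo_db()
    probe = "x' OR 'a'='a"  # constructed test value containing a quote character
    print(find_poller_unsafe(conn, probe))  # both rows: the quote escaped the literal
    print(find_poller_safe(conn, probe))    # []: no poller is literally named that
    print(render_import_safe("<b>weekly</b>.xml"))
    print(safe_return_target("javascript:x"), safe_return_target("graphs_new.php"))
```

The point of the pairing is that each hardened function removes a whole class rather than filtering known bad strings: an allow-list decides what a page name can be, HTML encoding decides what a file name can do in the page, and parameter binding decides what a poller name can do in the query.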


Mitigation Efforts


To address these Cacti vulnerabilities, Debian has released fixes for both the oldstable (Bullseye) and stable (Bookworm) distributions. Users are strongly advised to upgrade their Cacti packages to the patched versions (1.2.16+ds1-2+deb11u3 for Bullseye and 1.2.24+ds1-1+deb12u2 for Bookworm) to mitigate the risk of exploitation.
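Because the fixed versions carry Debian-specific suffixes (+ds1, +deb11u3, +deb12u2), a plain string or float comparison will get the "am I patched?" question wrong. The following added example, written for this write-up and not part of Debian's or Cacti's tooling, implements the dpkg version-ordering rules in Python and checks a package version against the fixed versions quoted above. The dpkg-query output it parses is constructed sample data, and the host it describes is hypothetical.

```python
r"""Check an installed Cacti package version against the fixed versions named
in the advisory, using the dpkg version-ordering rules so that suffixes such
as +ds1, +deb12u2 and ~rc1 compare the way apt compares them.
Added example for this write-up; not Debian or Cacti code."""

# Fixed versions as stated in the advisory (DSA 5646-1), keyed by codename.
FIXED_CACTI = {
    "bullseye": "1.2.16+ds1-2+deb11u3",
    "bookworm": "1.2.24+ds1-1+deb12u2",
}


def _is_digit(c):
    return c in "0123456789"


def _order(c):
    """Character weight used by dpkg: ~ sorts before everything (even the end
    of the string), letters sort by code point, other symbols after letters."""
    if c == "" or _is_digit(c):
        return 0
    if c.isascii() and c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256


def _verrevcmp(a, b):
    """Compare one version component (upstream or revision) like dpkg does:
    alternate non-digit runs (by _order) and digit runs (numerically)."""
    i, j, la, lb = 0, 0, len(a), len(b)
    while i < la or j < lb:
        first_diff = 0
        while (i < la and not _is_digit(a[i])) or (j < lb and not _is_digit(b[j])):
            ac = _order(a[i]) if i < la else 0
            bc = _order(b[j]) if j < lb else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        while i < la and a[i] == "0":   # leading zeros are insignificant
            i += 1
        while j < lb and b[j] == "0":
            j += 1
        while i < la and j < lb and _is_digit(a[i]) and _is_digit(b[j]):
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < la and _is_digit(a[i]):  # a has more digits: numerically larger
            return 1
        if j < lb and _is_digit(b[j]):
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch = 0
    if ":" in version:
        head, version = version.split(":", 1)
        epoch = int(head)
    upstream, sep, revision = version.rpartition("-")
    if not sep:                         # no Debian revision at all
        upstream, revision = revision, ""
    return epoch, upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 as Debian version a is older than, equal to or newer than b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    for x, y in ((ua, ub), (ra, rb)):
        c = _verrevcmp(x, y)
        if c:
            return -1 if c < 0 else 1
    return 0


def installed_version(dpkg_query_output, package="cacti"):
    r"""Pick a package's version out of `dpkg-query -W -f='${Package}\t${Version}\n'` output."""
    for line in dpkg_query_output.splitlines():
        name, sep, version = line.strip().partition("\t")
        if sep and name == package:
            return version
    return None


def cacti_needs_upgrade(installed, release):
    """True if the installed version is older than the fixed one for that release."""
    return compare_versions(installed, FIXED_CACTI[release]) < 0


if __name__ == "__main__":
    # Constructed dpkg-query output from a hypothetical bookworm host one update behind.
    sample = "cacti\t1.2.24+ds1-1+deb12u1\ncacti-spine\t1.2.24-1\n"
    current = installed_version(sample)
    print(f"installed {current}, fixed {FIXED_CACTI['bookworm']}, "
          f"needs upgrade: {cacti_needs_upgrade(current, 'bookworm')}")
```

The release must be passed explicitly: a fully patched Bullseye host (1.2.16+ds1-2+deb11u3) is "older" than the Bookworm fix in dpkg ordering, so comparing every host against the newest version string would flag patched oldstable systems as vulnerable.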

To further protect Debian systems, users can leverage the KernelCare live patching solution for automated vulnerability patching without needing to reboot the system or schedule downtime. KernelCare offers live patching for all popular Linux distributions, including Debian, Ubuntu, AlmaLinux, CentOS, Rocky Linux, RHEL, Oracle Linux, CloudLinux, Amazon Linux, and more.

To learn more about live patching strategy and modernizing your Linux patching approach, send patching-related questions to a TuxCare security expert.


Source: DSA 5646-1
