Cacti.remote_agent.php.Remote.Command.Execution
Description
This indicates an attack attempt to exploit a Command Injection Vulnerability in Cacti.
A remote, authenticated attacker could exploit this vulnerability by sending a crafted HTTP request. Successful exploitation could result in arbitrary system command execution under the context of the target system.
Outbreak Alert
In affected versions of Cacti v1.2.22, a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti. Gaining access to the Cacti instance of an organization could give attackers with the opportunity to learn about the types of devices on the network and their local IP addresses.
Affected Products
Cacti v1.2.22
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Upgrade to the latest version available from the website.
https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf
Version Updates
Date | Version | Detail |
---|---|---|
2023-03-31 | 0.00345 |