virus logo Web Application Security

Cacti.remote_agent.php.Remote.Command.Execution

description-logoDescription

This indicates an attack attempt to exploit a Command Injection Vulnerability in Cacti.
A remote, authenticated attacker could exploit this vulnerability by sending a crafted HTTP request. Successful exploitation could result in arbitrary system command execution under the context of the target system.

description-logoOutbreak Alert

In affected versions of Cacti v1.2.22, a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti. Gaining access to the Cacti instance of an organization could give attackers with the opportunity to learn about the types of devices on the network and their local IP addresses.

View the full Outbreak Alert Report

affected-products-logoAffected Products

Cacti v1.2.22

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Upgrade to the latest version available from the website.
https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf

Version Updates

Date Version Detail
2023-03-31 0.00345

CVE References

CVE-2022-46169
ID 1090501720
Created Mar 31, 2023
Updated Mar 31, 2023
Outbreak Alert Cacti Command Injection
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
Default Action pass
Active
Affected OS Windows, Linux
Affected App Other
Engine Version 5.0.0 or later