Cacti Command Injection Vulnerability

Released: Feb 16, 2023


Medium Severity

Vulnerability Type


Critical vulnerability exploited in the wild

In affected versions of Cacti v1.2.22, a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti. Gaining access to an organization's Cacti instance could give attackers the opportunity to learn about the types of devices on the network and their local IP addresses.

Common Vulnerabilities and Exposures

CVE-2022-46169

Background

Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


December 5, 2022: The patch was released in versions 1.2.23 and 1.3.0; see https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf


February 16, 2023: CISA released an advisory and added CVE-2022-46169 to its list of known exploited vulnerabilities (KEV).

FortiGuard Labs released an IPS signature in January to detect and block such attacks, and also recommends that Cacti admins patch vulnerable Cacti versions to 1.2.23, 1.3.0 and above.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • IPS

  • Application Firewall

DETECT
RESPOND
  • Assisted Response Services

  • Automated Response

RECOVER
  • InfoSec Services

IDENTIFY
  • Attack Surface Monitoring (Inside & Outside)

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.



Indicators of compromise
IOC Indicator List