The Synopsys Cybersecurity Research Center (CyRC) has recently identified a critical vulnerability in the Cacti Monitoring Tool, an open source framework used for monitoring network performance [1] [2]. This vulnerability, tracked as CVE-2023-51448 [1] [2], enables attackers to gain unauthorized access to the entire Cacti database through a blind SQL injection attack. The severity of this vulnerability is rated 8.8 out of 10 on the CVSS 3.1 scale [3].

Description

The vulnerability arises because the Cacti application fails to properly sanitize input data, which leaves it susceptible to blind SQL injection. It specifically affects Cacti version 1.2.25, and an updated version has been released to address the issue [3]. Exploiting the vulnerability requires an authenticated account with the ‘Settings/Utilities’ privilege. The vulnerability can also be combined with a previously disclosed vulnerability, CVE-2023-49084, to achieve remote code execution on vulnerable systems [1] [2] [3]. To trigger the vulnerability, an attacker with the necessary privileges would need to send a specially crafted HTTP GET request to the ‘/managers.php’ endpoint [2] [3].
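Because the trigger is a GET request to ‘/managers.php’, the query string is recorded in ordinary web access logs and can be reviewed after the fact. The following is an added example, not code from Cacti or from the CyRC advisory: a log-triage sketch that flags GET requests to that endpoint whose parameters carry generic SQL injection markers. The combined log format, the sample lines and the parameter name `example_param` are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Access-log line in Apache/nginx "combined" layout (assumed log format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Generic SQL injection indicators; not derived from any exploit for this CVE.
SQLI_RE = re.compile(
    r"['\";]|--|/\*|\b(?:union|select|sleep|benchmark|case\s+when)\b", re.I
)

# Constructed sample lines; "example_param" is a hypothetical parameter name.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jan/2024:10:00:01 +0000] '
    '"GET /cacti/managers.php?action=edit&id=3 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [10/Jan/2024:10:02:17 +0000] '
    '"GET /cacti/managers.php?example_param=1%20AND%20SLEEP(5) HTTP/1.1" 200 4810',
    '192.0.2.44 - - [10/Jan/2024:10:02:40 +0000] '
    '"GET /cacti/managers.php?example_param=1%2527 HTTP/1.1" 200 4810',
    '192.0.2.10 - - [10/Jan/2024:10:03:00 +0000] '
    '"GET /cacti/graph_view.php?q=select HTTP/1.1" 200 900',
]


def suspicious_requests(lines, endpoint="/managers.php"):
    """Return (ip, timestamp, parameter, decoded value) for each flagged GET."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith(endpoint):  # also matches /cacti/managers.php
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            decoded = unquote(value)  # second pass catches double encoding
            if SQLI_RE.search(decoded):
                hits.append((m["ip"], m["ts"], name, decoded))
                break  # one finding per request is enough for triage
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A match is a lead for triage rather than proof of exploitation, and the absence of matches does not replace updating to the fixed version.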

Other vulnerabilities have also been reported in Cacti [1] [3]. These include an unauthenticated command injection vulnerability (CVE-2022-46169) and another vulnerability (CVE-2023-39362) disclosed in June [3]. Exploits for both of these vulnerabilities are publicly available [3]. It is crucial to promptly update the software and implement proper security measures to mitigate these risks.

Conclusion

The discovery of this critical vulnerability in the Cacti Monitoring Tool highlights the importance of maintaining up-to-date software and implementing robust security measures. Failure to do so can result in unauthorized access to sensitive data and potential remote code execution. It is imperative for users of Cacti to promptly update to the latest version and remain vigilant for any future vulnerabilities.

References

[1] https://www.darkreading.com/vulnerabilities-threats/cacti-monitoring-tool-critical-sql-injection-vulnerability
[2] https://ciso2ciso.com/cacti-monitoring-tool-spiked-by-critical-sql-injection-vulnerability-source-www-darkreading-com/
[3] https://vulnera.com/newswire/critical-sql-injection-vulnerability-detected-in-cacti-monitoring-tool/