Cacti Framework Bugs Let Attackers Execute Malicious Code

May 14, 2024


TLDR:

Key points of the article:

  • 12 security flaws in Cacti framework addressed, including 2 critical issues
  • Most severe vulnerabilities include arbitrary code execution and command injection

The maintainers of Cacti, the open-source network monitoring and fault management framework, have fixed twelve security flaws, including two critical issues that could lead to the execution of malicious code. The most severe are an arbitrary code write vulnerability in the “Package Import” feature and a command injection flaw. These could allow attackers to execute arbitrary PHP code on the server and to run unauthorized commands, respectively.

Two other high-severity flaws were also addressed, which could result in code execution through SQL injection and file inclusion. The majority of these vulnerabilities impact all versions of Cacti, including versions prior to 1.2.26. The flaws have been patched in version 1.2.27, released on May 13, 2024.

A critical SQL injection vulnerability was disclosed in Cacti eight months prior, and another critical flaw came under exploitation in early 2023. With proof-of-concept exploits available for some of these vulnerabilities, users are strongly advised to update their instances to the latest version to mitigate potential risks.

