Critical Cacti Vulnerability Enables Remote Code Execution by Attackers

Home/malicious cyber actors, Remote code execution, Security Advisory, Security Update, vulnerability/Critical Cacti Vulnerability Enables Remote Code Execution by Attackers

Critical Cacti Vulnerability Enables Remote Code Execution by Attackers

Cacti, a widely used network monitoring tool, has released a critical security update addressing various vulnerabilities, notably CVE-2024-25641, rated with a high severity score of 9.1 on the CVSS scale, highlighting its significant potential impact on affected systems.

Cacti Vulnerability

CVE-2024-25641 permits authenticated users with the “Import Templates” permission to execute arbitrary PHP code on the server hosting the Cacti application. The vulnerability arises from inadequate sanitization and validation of file names and content within uploaded XML data in the import_package() function, potentially resulting in arbitrary file writes on the web server.

Security researcher Egidio Romano has demonstrated the exploitability of this vulnerability through a proof-of-concept PHP script.

This script demonstrates how attackers can manipulate the import process to inject and execute malicious code, thereby gaining unauthorized access to the system.

Additional Vulnerabilities and Remediations

In addition to CVE-2024-25641, the latest Cacti update addresses several other security issues:

  • CVE-2024-34340 (CVSS 4.2): An authentication bypass issue due to older password hashes, potentially allowing unauthorized access.
  • CVE-2024-31443 (CVSS 5.7) and CVE-2024-27082 (CVSS 7.6): These vulnerabilities relate to XSS flaws that could enable attackers to inject client-side scripts into web pages and manipulate sessions.
  • CVE-2024-31444, CVE-2024-31458, CVE-2024-31460, and CVE-2024-31445 (ranging from CVSS 4.6 to 8.8): A series of SQL injection flaws that could allow attackers to alter the framework’s database queries, leading to unauthorized data manipulation or access.
  • CVE-2024-31459: An RCE vulnerability linked to file inclusion via plugins, which could allow the execution of arbitrary code.
  • CVE-2024-29894: An XSS vulnerability in the JavaScript-based messaging API exploitable for executing malicious scripts.

These vulnerabilities range in severity, from cross-site scripting (XSS) attacks to SQL injection and arbitrary code execution. With technical details and proof-of-concept code now public, the urgency for Cacti users to update their systems cannot be overstated.

All platform users are strongly encouraged to upgrade to version 1.2.27 or later promptly to mitigate the risks associated with these vulnerabilities. The release of these patches underscores the ongoing challenges and critical importance of maintaining up-to-date security practices in network monitoring tools like Cacti. Users must remain vigilant and proactive in applying security updates to safeguard their networks from potential threats.

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!