Cacti Patches Critical Flaws: Urgent Update Needed for Network Security

The developers of Cacti, an open-source system for network monitoring and management, have addressed 12 vulnerabilities, including two critical ones leading to arbitrary code execution.

CVE-2024-29895

Here are the most severe vulnerabilities that have been fixed:

  • CVE-2024-25641 (CVSS score 9.1): A vulnerability in the “Package Import” function allowing authenticated users with “Template Import” permissions to execute arbitrary PHP code on the web server, potentially leading to remote code execution.
  • CVE-2024-29895 (CVSS score 10.0): A command injection vulnerability that allows any unauthenticated user to execute arbitrary commands on the server if the “register_argc_argv” option is enabled in PHP.

Additionally, two other critical vulnerabilities that could lead to code execution via SQL injection and file inclusion have been fixed:

  • CVE-2024-31445 (CVSS score 8.8): An SQL injection vulnerability in api_automation.php, enabling authenticated users to escalate privileges and subsequently execute remote code.
  • CVE-2024-31459 (CVSS score: temporarily unavailable): A file inclusion issue in lib/plugin.php, which can be exploited in conjunction with the SQL injection vulnerability to execute remote code.

It is important to note that 10 out of the 12 vulnerabilities, excluding CVE-2024-29895 and CVE-2024-30268, affect all versions of Cacti up to and including 1.2.26. These issues have been resolved in version 1.2.27, released on May 13, 2024. The other two vulnerabilities affect the developer version 1.3.x.

This situation with Cacti arises more than eight months after another critical SQL injection vulnerability (CVE-2023-39361, CVSS score 9.8) was identified, allowing attackers to gain elevated privileges and execute malicious code.

Earlier in 2023, a critical vulnerability identified as CVE-2022-46169 with a CVSS score of 9.8 allowed attackers to compromise internet-exposed Cacti servers to propagate the MooBot and ShellBot botnets.

Since proof-of-concept exploits for the aforementioned vulnerabilities are already available in public GitHub repositories, it is strongly recommended to update your systems to the latest version as soon as possible to mitigate potential threats.