Unknown
CVE-2023-49084
CVE-2023-49084
Description
Cacti is a robust performance and fault management framework and a frontend to RRDTool – a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the link.php. Impact of the vulnerability execution of arbitrary code on the server.
Add Assessment
Technical Analysis
This is a local file inclusion vulnerability that affects the external links page link.php. When chained with CVE-2023-49084, a SQL injection vulnerability in the pollers.php script, an attacker can achieve remote code execution. It requires to be authenticated with specific permissions to exploit the SQL injection, but if these conditions are met, an attacker can update the database and exploit this vulnerability.
The attack consists in creating an external link entry in the database that points to the Cacti log file and setting all the permissions needed to access it. Then, the attacker just has to inject a stager payload the logs, which will be triggered when the external link page is requested. A Metasploit module exists for this.
Since this vulnerability requires an user account setup with specific permissions, the risk is lowered. However, remote code execution is still considered a serious issue and should be patched as soon as possible. A fix has been released with version 1.2.26.
CVSS V3 Severity and Metrics
General Information
Vendors
- cacti
Products
- cacti 1.2.25
Metasploit Modules
References
Miscellaneous
