Unknown
CVE-2023-49084
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2023-49084
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
Cacti is a robust performance and fault management framework and a frontend to RRDTool – a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the link.php
. Impact of the vulnerability execution of arbitrary code on the server.
Add Assessment
Ratings
Technical Analysis
This is a local file inclusion vulnerability that affects the external links page link.php
. When chained with CVE-2023-49084, a SQL injection vulnerability in the pollers.php
script, an attacker can achieve remote code execution. It requires to be authenticated with specific permissions to exploit the SQL injection, but if these conditions are met, an attacker can update the database and exploit this vulnerability.
The attack consists in creating an external link entry in the database that points to the Cacti log file and setting all the permissions needed to access it. Then, the attacker just has to inject a stager payload the logs, which will be triggered when the external link page is requested. A Metasploit module exists for this.
Since this vulnerability requires an user account setup with specific permissions, the risk is lowered. However, remote code execution is still considered a serious issue and should be patched as soon as possible. A fix has been released with version 1.2.26.
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild ReportCVSS V3 Severity and Metrics
General Information
Vendors
- cacti
Products
- cacti 1.2.25
References
Miscellaneous
Additional Info
Technical Analysis
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below: