Description
There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:
- Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse
graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the
application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.
(CVE-2025-24367)
- Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27
are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are
permanently stored on a target server and served to users who access a particular page. Version 1.2.27
contains a patch for the issue. (CVE-2024-27082)
- Cacti is an open source performance and fault management framework. The `fileurl` parameter is not
properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed in some
html code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored
XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the http
post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS
(Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web
page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All
users are advised to upgrade. There are no known workarounds for this issue. (CVE-2024-43362)
- Cacti is an open source performance and fault management framework. An admin user can create a device with
a malicious hostname containing php code and repeat the installation process (completing only step 5 of
the installation process is enough, no need to complete the steps before or after it) to use a php file as
the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply
go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28
and all users are advised to upgrade. There are no known workarounds for this vulnerability.
(CVE-2024-43363)
- Cacti is an open source performance and fault management framework. The `title` parameter is not properly
sanitized when saving external links in links.php . Morever, the said title parameter is stored in the
database and reflected back to user in index.php, finally leading to stored XSS. Users with the privilege
to create external links can manipulate the `title` parameter in the http post request while creating
external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs
when an application allows untrusted user input to be displayed on a web page without proper validation or
escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There
are no known workarounds for this vulnerability. (CVE-2024-43364)
Plugin Details
Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Threat Vector: CVSS:4.0/E:P
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Vulnerability Information
Exploit Ease: Exploits are available
Vulnerability Publication Date: 5/13/2024
Exploitable With
Metasploit (Cacti Graph Template authenticated RCE versions prior to 1.2.29)