Detections
Analytics
FreeBSD : cacti -- Authenticated users may bypass authorization checks (ed18aa92-e4f4-11e9-b6fa-3085a9a95629)
medium Nessus Plugin ID 129548
Language:
Synopsis
The remote FreeBSD host is missing a security-related update.Description
The cacti developers reports :In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.
Solution
Update the affected package.See Also
Plugin Details
Severity: Medium
ID: 129548
File Name: freebsd_pkg_ed18aa92e4f411e9b6fa3085a9a95629.nasl
Version: 1.3
Type: local
Family: FreeBSD Local Security Checks
Published: 10/3/2019
Updated: 12/23/2019
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 1.4
CVSS v2
Risk Factor: Medium
Base Score: 4
Temporal Score: 3
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS v3
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.8
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:cacti, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Exploit Ease: No known exploits are available
Patch Publication Date: 10/2/2019
Vulnerability Publication Date: 9/23/2019
Reference Information
CVE: CVE-2019-16723