Debian dla-3884 : cacti - security update

medium Nessus Plugin ID 206807

Synopsis

The remote Debian host is missing one or more security-related updates.

Description

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3884 advisory.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3884-1 [email protected]
https://www.debian.org/lts/security/ Bastien Roucaris
September 09, 2024 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : cacti
Version : 1.2.16+ds1-2+deb11u4
CVE ID : CVE-2022-41444 CVE-2024-25641 CVE-2024-31443 CVE-2024-31444 CVE-2024-31445 CVE-2024-31458 CVE-2024-31459 CVE-2024-31460 CVE-2024-34340

Cacti, a web interface for graphing of monitoring systems, was vulnerable.

CVE-2022-41444

A Cross Site Scripting (XSS) vulnerability was found via a crafted POST request to graphs_new.php.

CVE-2024-25641

An arbitrary file write vulnerability was found, exploitable through the Package Import feature. This vulnerability allowed authenticated users having the Import Templates permission to execute arbitrary PHP code (RCE) on the web server.

CVE-2024-31443

A Cross Site Scripting (XSS) vulnerability was found via a crafted request to the data_queries.php file.

CVE-2024-31444

A Cross Site Scripting (XSS) vulnerability was found via a crafted request to the automation_tree_rules.php file, via the automation_tree_rules_form_save() function.

CVE-2024-31445

A SQL injection vulnerability was found in the automation_get_new_graphs_sql function of `api_automation.php`. It allows authenticated users to perform privilege escalation and remote code execution.

CVE-2024-31458

A SQL injection vulnerability was found in the form_save() function in the graph_template_inputs.php file.

CVE-2024-31459

A file inclusion issue in the 'lib/plugin.php' file was found. Combined with SQL injection vulnerabilities, remote code execution (RCE) can be achieved.

CVE-2024-31460

A SQL injection vulnerability was found in some of the data stored in automation_tree_rules.php file.

CVE-2024-34340

A type juggling vulnerability was found in the compat_password_verify function.
MD5-hashed user input is compared with the correct password in the database by `$md5 == $hash`.
This is a loose comparison, not the correct, stricter `===`.

For Debian 11 bullseye, these problems have been fixed in version 1.2.16+ds1-2+deb11u4.

We recommend that you upgrade your cacti packages.

For the detailed security status of cacti please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/cacti

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
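
The loose comparison described under CVE-2024-34340, shown next to a strict replacement, as an added PHP example (not Cacti's code and not the Debian patch). The function names and all hash strings are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Vulnerable form, as the advisory describes it: loose comparison.
function loose_verify(string $md5, string $hash): bool
{
    // When both operands are numeric strings, == compares them as numbers,
    // so two different strings of the form "0e<digits>" both evaluate to 0.
    return $md5 == $hash;
}

// Hardened form: byte-wise, constant-time string comparison.
function strict_verify(string $md5, string $hash): bool
{
    return hash_equals($hash, $md5);
}

// Audit helper (hypothetical): == only switches to numeric comparison when
// both sides are numeric strings, so a stored hash that passes is_numeric()
// is one the loose comparison could match against a different value.
function is_juggling_prone(string $hash): bool
{
    return is_numeric($hash);
}

// Constructed sample values, not real password hashes.
$stored    = '0e111111111111111111111111111111'; // numeric-looking hex digest
$submitted = '0e222222222222222222222222222222'; // a different digest
$ordinary  = 'c0ffee00c0ffee00c0ffee00c0ffee00'; // typical non-numeric digest

echo "loose,  numeric-looking pair: ";
var_dump(loose_verify($submitted, $stored));
echo "strict, numeric-looking pair: ";
var_dump(strict_verify($submitted, $stored));
echo "strict, identical digests:    ";
var_dump(strict_verify($stored, $stored));

// Flag which stored digests would be exposed to the loose comparison.
foreach ([$stored, $ordinary] as $digest) {
    echo $digest, " juggling-prone: ";
    var_dump(is_juggling_prone($digest));
}
```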

Solution

Upgrade the cacti packages.

See Also

https://security-tracker.debian.org/tracker/source-package/cacti

https://packages.debian.org/source/bullseye/cacti

https://security-tracker.debian.org/tracker/CVE-2022-41444

https://security-tracker.debian.org/tracker/CVE-2024-25641

https://security-tracker.debian.org/tracker/CVE-2024-31443

https://security-tracker.debian.org/tracker/CVE-2024-31444

https://security-tracker.debian.org/tracker/CVE-2024-31445

https://security-tracker.debian.org/tracker/CVE-2024-31458

https://security-tracker.debian.org/tracker/CVE-2024-31459

https://security-tracker.debian.org/tracker/CVE-2024-31460

https://security-tracker.debian.org/tracker/CVE-2024-34340

Plugin Details

Severity: Medium

ID: 206807

File Name: debian_DLA-3884.nasl

Version: 1.2

Type: local

Agent: unix

Published: 9/9/2024

Updated: 9/10/2024

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2022-41444

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:11.0, p-cpe:/a:debian:debian_linux:cacti

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/9/2024

Vulnerability Publication Date: 8/22/2023

Exploitable With

Metasploit (Cacti Import Packages RCE)

Reference Information

CVE: CVE-2022-41444, CVE-2024-25641, CVE-2024-31443, CVE-2024-31444, CVE-2024-31445, CVE-2024-31458, CVE-2024-31459, CVE-2024-31460, CVE-2024-34340