Synopsis
The remote Debian host is missing one or more security-related updates.
Description
The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3884 advisory.
Debian LTS Advisory DLA-3884-1
https://www.debian.org/lts/security/
Bastien Roucaris
September 09, 2024
https://wiki.debian.org/LTS
Package : cacti
Version : 1.2.16+ds1-2+deb11u4
CVE ID : CVE-2022-41444 CVE-2024-25641 CVE-2024-31443 CVE-2024-31444 CVE-2024-31445 CVE-2024-31458 CVE-2024-31459 CVE-2024-31460 CVE-2024-34340
Cacti, a web interface for graphing of monitoring systems, was vulnerable.
CVE-2022-41444
A Cross Site Scripting (XSS) vulnerability was found via a crafted POST request to graphs_new.php.
CVE-2024-25641
An arbitrary file write vulnerability was found, exploitable through the Package Import feature. This vulnerability allowed authenticated users having the Import Templates permission to execute arbitrary PHP code (RCE) on the web server.
CVE-2024-31443
A Cross Site Scripting (XSS) vulnerability was found via a crafted request to the data_queries.php file.
CVE-2024-31444
A Cross Site Scripting (XSS) vulnerability was found via a crafted request to the automation_tree_rules.php file, via the automation_tree_rules_form_save() function.
CVE-2024-31445
A SQL injection vulnerability was found in the automation_get_new_graphs_sql function of `api_automation.php`. It allows authenticated users to perform privilege escalation and remote code execution.
CVE-2024-31458
A SQL injection vulnerability was found in the form_save() function in the graph_template_inputs.php file.
CVE-2024-31459
A file inclusion issue was found in the 'lib/plugin.php' file. Combined with SQL injection vulnerabilities, it can lead to remote code execution (RCE).
CVE-2024-31460
A SQL injection vulnerability was found in some of the data stored in the automation_tree_rules.php file.
CVE-2024-34340
A type juggling vulnerability was found in the compat_password_verify function.
The MD5-hashed user input is compared with the correct password in the database by `$md5 == $hash`.
This is a loose comparison, not the correct, stricter `===`.
For Debian 11 bullseye, these problems have been fixed in version 1.2.16+ds1-2+deb11u4.
We recommend that you upgrade your cacti packages.
For the detailed security status of cacti please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/cacti
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Tenable has extracted the preceding description block directly from the Debian security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
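The loose comparison described under CVE-2024-34340, next to the strict form the advisory names, as an added example that is not Cacti's code or part of the advisory. The function names and the two `0e<digits>` strings are constructed for illustration, and `hash_equals()` is an extra hardening step the advisory does not mention.

```php
<?php
declare(strict_types=1);

// Added illustration, not Cacti's code. Function names are hypothetical.

// Pattern from the advisory: loose comparison of two digest strings.
function digests_match_loose(string $md5, string $hash): bool
{
    return $md5 == $hash;   // numeric-looking strings are compared as numbers
}

// The stricter operator the advisory names: same type and same bytes.
function digests_match_strict(string $md5, string $hash): bool
{
    return $md5 === $hash;
}

// Byte-wise and constant-time; an extra hardening step beyond the advisory.
function digests_match_constant_time(string $md5, string $hash): bool
{
    return hash_equals($hash, $md5);
}

// Constructed test strings: 32 characters, shaped like MD5 hex digests that
// happen to read as "0e<digits>". They are not digests of any real password.
$zeroExpA = '0e' . str_repeat('1', 30);
$zeroExpB = '0e' . str_repeat('2', 30);

$cases = [
    'identical digests'          => [md5('example'), md5('example')],
    'different ordinary digests' => [md5('a'), md5('b')],
    'different 0e<digits> pair'  => [$zeroExpA, $zeroExpB],
];

printf("%-28s %-6s %-6s %s\n", 'case', '==', '===', 'hash_equals');
foreach ($cases as $label => [$md5, $hash]) {
    printf(
        "%-28s %-6s %-6s %s\n",
        $label,
        var_export(digests_match_loose($md5, $hash), true),
        var_export(digests_match_strict($md5, $hash), true),
        var_export(digests_match_constant_time($md5, $hash), true)
    );
}
```

Only the third case separates the three checks: PHP treats both strings as the number zero in scientific notation, so `==` reports a match while `===` and `hash_equals()` do not.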
Solution
Upgrade the cacti packages.
Plugin Details
File Name: debian_DLA-3884.nasl
Agent: unix
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:debian:debian_linux:11.0, p-cpe:/a:debian:debian_linux:cacti
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: Exploits are available
Patch Publication Date: 9/9/2024
Vulnerability Publication Date: 8/22/2023
Exploitable With
Metasploit (Cacti Import Packages RCE)