Cacti < 0.8.7f Multiple Input Validation Vulnerabilities

High Nessus Plugin ID 46222

Synopsis

The remote web server is running a PHP application that is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the Cacti application running on the remote web server is prior to version 0.8.7f. It is, therefore, potentially affected by the following vulnerabilities :

- A vulnerability exists in 'templates_export.php' due to improper validation of input to the 'export_item_id' parameter. A remote attacker can exploit this to inject SQL queries to disclose arbitrary data. (CVE-2010-1431)

- Cross-site scripting vulnerabilities exist related to the 'host_id' parameter of 'data_sources.php', or the 'hostname' and 'description' parameters of 'host.php', which a remote attacker can exploit to inject arbitrary web script or HTML. (CVE-2010-1644)

- A SQL injection vulnerability in 'graph.php' exists which can be exploited by a remote attacker using specially crafted GET requests to the 'rra_id' parameter which can cause a corresponding POST request or cookie to bypass proper validation. (CVE-2010-2092)

Solution

Upgrade to Cacti 0.8.7f or later.

See Also

http://www.nessus.org/u?39e1a6fb

http://www.nessus.org/u?49d1a123

https://www.securityfocus.com/archive/1/511393/30/0/threaded

http://www.cacti.net/release_notes_0_8_7f.php

Plugin Details

Severity: High

ID: 46222

File Name: cacti_087e.nasl

Version: 1.18

Type: remote

Family: CGI abuses

Published: 2010/05/04

Updated: 2018/11/15

Dependencies: 46221

Configuration: Enable paranoid mode

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:cacti:cacti

Required KB Items: installed_sw/cacti, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/04/21

Vulnerability Publication Date: 2010/04/21

Reference Information

CVE: CVE-2010-1431, CVE-2010-1644, CVE-2010-2092

BID: 39653, 40149, 40332

Secunia: 39570