CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43363 – Remote code execution via Log Poisoning in Cacti
https://notcve.org/view.php?id=CVE-2024-43363
Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43365 – Stored Cross-site Scripting (XSS) when creating external links in Cacti
https://notcve.org/view.php?id=CVE-2024-43365
Cacti is an open source performance and fault management framework. The`consolenewsection` parameter is not properly sanitized when saving external links in links.php . Morever, the said consolenewsection parameter is stored in the database and reflected back to user in `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the “consolenewsection” parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. • https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43364 – Stored Cross-site Scripting (XSS) when creating external links in Cacti
https://notcve.org/view.php?id=CVE-2024-43364
Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php . Morever, the said title parameter is stored in the database and reflected back to user in index.php, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `title` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. • https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43362 – Stored Cross-site Scripting (XSS) when creating external links in Cacti
https://notcve.org/view.php?id=CVE-2024-43362
Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed in some html code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. • https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34340 – Authentication Bypass when using using older password hashes
https://notcve.org/view.php?id=CVE-2024-34340
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password_hash` if there is it, else use `md5`. When verifying password, it calls `compat_password_verify`. In `compat_password_verify`, `password_verify` is called if there is it, else use `md5`. • https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X • CWE-287: Improper Authentication CWE-697: Incorrect Comparison •