// For flags

CVE-2023-30534

Insecure Deserialization in Cacti

Severity Score

4.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti’s vendor directory (phpseclib), the necessary gadgets are not included, making them inaccessible and the insecure deserializations not exploitable. Each instance of insecure deserialization is due to using the unserialize function without sanitizing the user input. Cacti has a “safe” deserialization that attempts to sanitize the content and check for specific values before calling unserialize, but it isn’t used in these instances. The vulnerable code lies in graphs_new.php, specifically within the host_new_graphs_save function. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Cacti es un framework de gestión de fallas y monitoreo operativo de código abierto. Hay dos casos de deserialización insegura en la versión 1.2.24 de Cacti. Mientras exista una cadena viable de gadgets en el directorio Cacti’s vendor (phpseclib), los gadgets necesarios no están incluidos, lo que los hace inaccesibles y las deserializaciones inseguras no son explotables. Cada caso de deserialización insegura se debe al uso de la función unserialize sin sanear la entrada del usuario. Cacti tiene una deserialización “segura” que intenta sanitizar el contenido y verificar valores específicos antes de llamar a unserialize, pero no se usa en estos casos.El código vulnerable se encuentra en graphs_new.php, específicamente dentro de la función host_new_graphs_save. Este problema se solucionó en la versión 1.2.25. Se recomienda a los usuarios que actualicen. No se conocen soluciones para esta vulnerabilidad.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
Poc
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2023-04-12 CVE Reserved
  • 2023-09-05 CVE Published
  • 2024-09-26 CVE Updated
  • 2024-09-26 First Exploit
  • 2024-11-14 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-502: Deserialization of Untrusted Data
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cacti
Search vendor "Cacti"
 Cacti
Search vendor "Cacti" for product "Cacti"
 < 1.2.25
Search vendor "Cacti" for product "Cacti" and version " < 1.2.25"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 37
Search vendor "Fedoraproject" for product "Fedora" and version "37"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 38
Search vendor "Fedoraproject" for product "Fedora" and version "38"
-
Affected