CVE-2023-31132

Cacti Privilege Escalation

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document directory. The user can then execute the PHP files under the security context of SYSTEM. This allows an attacker to escalate privilege from a normal user account to SYSTEM. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Cacti es un framework de monitorización operativa y gestión de fallos de código abierto. Las versiones afectadas están sujetas a una vulnerabilidad de escalada de privilegios. Un usuario del sistema operativo con pocos privilegios y acceso a un host Windows en el que esté instalado Cacti puede crear archivos PHP arbitrarios en un directorio de documentos web. El usuario puede entonces ejecutar los archivos PHP bajo el contexto de seguridad de SYSTEM. Esto permite a un atacante escalar privilegios desde una cuenta de usuario normal a SYSTEM. Este problema se ha solucionado en la versión 1.2.25. Se recomienda a los usuarios actualizar. No se conocen soluciones para esta vulnerabilidad.

*Credits: N/A

CVSS Scores

NISTv3.1 7.8

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

Poc

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2023-04-24 CVE Reserved
2023-09-05 CVE Published
2024-09-11 EPSS Updated
2024-09-26 CVE Updated
2024-09-26 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-306: Missing Authentication for Critical Function

CAPEC

References (4)

URL	Tag	Source
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN	Mailing List

URL	Date	SRC
https://github.com/Cacti/cacti/security/advisories/GHSA-rf5w-pq3f-9876	2024-09-26

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cacti Search vendor "Cacti"	Cacti Search vendor "Cacti" for product "Cacti"	< 1.2.25 Search vendor "Cacti" for product "Cacti" and version " < 1.2.25"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe