CVE-2023-39362

Authenticated command injection in SNMP options of a Device

Severity Score

7.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user, can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server. The `lib/snmp.php` file has a set of functions, with similar behavior, that accept in input some variables and place them into an `exec` call without a proper escape or validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Cacti es un framework de monitorización operacional y gestión de fallos de código abierto. En Cacti v1.2.24, bajo ciertas condiciones, un usuario privilegiado autenticado, puede utilizar una cadena maliciosa en las opciones SNMP de un dispositivo, realizando inyección de comandos y obteniendo ejecución remota de código en el servidor subyacente. El fichero "lib/snmp.php" tiene un conjunto de funciones, con un comportamiento similar, que aceptan en entrada algunas variables y las colocan en una llamada "exec" sin un escape o validación adecuados. Este problema se ha solucionado en la versión 1.2.25. Se recomienda a los usuarios que actualicen. No se conocen soluciones para esta vulnerabilidad.

*Credits: N/A

CVSS Scores

NISTv3.1 7.2

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-07-28 CVE Reserved
2023-09-05 CVE Published
2023-10-09 First Exploit
2024-08-19 CVE Updated
2024-11-01 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CAPEC

References (9)

URL	Tag	Source
https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN	Mailing List
https://www.debian.org/security/2023/dsa-5550

URL	Date	SRC
https://www.exploit-db.com/exploits/51740	2023-10-09
https://github.com/jakabakos/CVE-2023-39362-cacti-snmp-command-injection-poc	2024-03-01
http://packetstormsecurity.com/files/175029/Cacti-1.2.24-Command-Injection.html	2024-08-19
https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp	2024-08-19

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cacti Search vendor "Cacti"		Cacti Search vendor "Cacti" for product "Cacti"				< 1.2.25 Search vendor "Cacti" for product "Cacti" and version " < 1.2.25"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				37 Search vendor "Fedoraproject" for product "Fedora" and version "37"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				38 Search vendor "Fedoraproject" for product "Fedora" and version "38"		-		Affected