CVE-2023-39364
Open redirect in change password functionality in Cacti
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, users with console access can be redirected to an arbitrary website after a change password performed via a specifically crafted URL. The `auth_changepassword.php` file accepts `ref` as a URL parameter and reflects it in the form used to perform the change password. It's value is used to perform a redirect via `header` PHP function. A user can be tricked in performing the change password operation, e.g., via a phishing message, and then interacting with the malicious website where the redirection has been performed, e.g., downloading malwares, providing credentials, etc. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Cacti es un framework de gestión de fallas y monitoreo operativo de código abierto. En Cacti 1.2.24, los usuarios con acceso a la consola pueden ser redirigidos a un sitio web arbitrario después de realizar un cambio de contraseña a través de una URL específicamente manipulada. El archivo `auth_changepassword.php` acepta `ref` como parámetro de URL y lo refleja en el formulario utilizado para realizar el cambio de contraseña. Su valor se utiliza para realizar una redirección a través de la función PHP "header". Se puede engañar a un usuario para que realice la operación de cambio de contraseña, por ejemplo, mediante un mensaje de phishing, y luego interactúe con el sitio web malicioso donde se realizó la redirección, por ejemplo, descargando malware, proporcionando credenciales, etc. Este problema se ha solucionado en la versión 1.2.25. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-07-28 CVE Reserved
- 2023-09-05 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-09-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CAPEC
References (6)
URL | Date | SRC |
---|---|---|
https://github.com/Cacti/cacti/security/advisories/GHSA-4pjv-rmrp-r59x | 2024-08-02 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cacti Search vendor "Cacti" | Cacti Search vendor "Cacti" for product "Cacti" | 1.2.24 Search vendor "Cacti" for product "Cacti" and version "1.2.24" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 37 Search vendor "Fedoraproject" for product "Fedora" and version "37" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 38 Search vendor "Fedoraproject" for product "Fedora" and version "38" | - |
Affected
|