Authenticated command injection in SNMP options of a Device
CVE-2023-39362
What is CVE-2023-39362?
Cacti, an open source operational monitoring framework, contains a vulnerability that allows authenticated, privileged users to execute arbitrary commands on the server. In version 1.2.24, a malicious string supplied in the SNMP options of a device is passed to the lib/snmp.php script without adequate input validation, leading to command injection and remote code execution. The vulnerability is resolved in version 1.2.25; there are no known workarounds, so users are strongly encouraged to upgrade.
Affected Version(s)
cacti < 1.2.25
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
EPSS Score
86% chance of being exploited in the next 30 days.
Timeline
- Vulnerability reserved
- Vulnerability published
- Public PoC available
- Exploit known to exist