Security Configuration Vulnerability in Cacti Performance Management Framework
CVE-2024-45598

6MEDIUM

Key Information:

Vendor

Cacti

Status
Cacti
Vendor
CVE Published:
27 January 2025

What is CVE-2024-45598?

In Cacti, an open source performance and fault management framework, a vulnerability exists that allows an administrator to alter the 'Poller Standard Error Log Path' setting, found in Installation Step 5 or the Configuration->Settings->Paths section. This change permits the selection of a local file within the server, exposing its content through the Logs tab in the web UI. This flaw has been addressed in version 1.2.29 of the software.

Affected Version(s)

cacti < 1.2.29

References

https://github.com/Cacti/cacti/security/advisories/GHSA-p...
x_refsource_CONFIRM
https://github.com/Cacti/cacti/commit/eca52c6bb3e76c55d66...
x_refsource_MISC

CVSS V3.1

Score:
6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2024-45598 : Security Configuration Vulnerability in Cacti Performance Management Framework