CVE-2009-4112
Published 2009-11-30
CVE-2009-4112: Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage"…
Priority P358 · critical · 9 · CVSS 2.0
AV:N/AC:L/Au:S/C:C/I:C/A:C
EXPLOIT
EPSS: 11.48% (95.5th percentile)
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cacti | cacti | <= 0.8.7e | — |
| cacti | cacti | >= 0 < 1.2.1+ds1-1 | 1.2.1+ds1-1 |
| debian | cacti | < cacti 1.2.1+ds1-1 (bookworm) | cacti 1.2.1+ds1-1 (bookworm) |
CVSS provenance
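| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| osv | — | 9.0 | CRITICAL | — |
| vendor_debian | — | 9.0 | LOW | — |
| vendor_redhat | — | 9.0 | CRITICAL | — |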
Red Hat
Cacti: Privilege escalation under certain conditions
vendor_redhat·2009-11-25·CVSS 9.0
CVE-2009-4112 [CRITICAL] Cacti: Privilege escalation under certain conditions
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.
Debian
CVE-2009-4112: cacti - Cacti 0.8.7e and earlier allows remote authenticated administrators to gain priv...
vendor_debian·2009·CVSS 9.0
CVE-2009-4112 [CRITICAL] CVE-2009-4112: cacti - Cacti 0.8.7e and earlier allows remote authenticated administrators to gain priv...
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.
Scope: local
bookworm: resolved (fixed in 1.2.1+ds1-1)
bullseye: resolved (fixed in 1.2.1+ds1-1)
forky: resolved (fixed in 1.2.1+ds1-1)
sid: resolved (fixed in 1.2.1+ds1-1)
trixie: resolved (fixed in 1.2.1+ds1-1)
GHSA
GHSA-p256-rcj4-whc9: Cacti 0
ghsa_unreviewed·2022-05-02
CVE-2009-4112 [HIGH] GHSA-p256-rcj4-whc9: Cacti 0
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.
OSV
CVE-2009-4112: Cacti 0
osv·2009-11-30·CVSS 9.0
CVE-2009-4112 [CRITICAL] CVE-2009-4112: Cacti 0
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.
No detection rules found.
Bugzilla
cacti: arbitrary command injection vulnerability
bugzilla·2010-04-26
[MEDIUM] cacti: arbitrary command injection vulnerability
It was reported [1] that Cacti is vulnerable to arbitrary command injection due to not properly sanitizing user-supplied input. Specifically, the reported vulnerabilities are:
1) Edit or Create a Device with FQDN ‘NotARealIPAddress;CMD;’ (without
single quotes) and Save it. Edit the Device again and reload any data
query already created. CMD will be executed with Web Server rights.
2) Edit or Create a Graph Template and use as Vertical Label
'BonsaiSecLabel";CMD; "' (without single quotes) and Save it. Go to
Graph Management section and Select it. CMD will be executed with Web
Server rights. Note that other properties of a Graph Template might
also be affected.
The report indicates this affects all current releases of Cacti (u
Bugzilla
CVE-2009-4112 Cacti: Privilege escalation under certain conditions
bugzilla·2009-12-01·CVSS 9.0
CVE-2009-4112 [CRITICAL] CVE-2009-4112 Cacti: Privilege escalation under certain conditions
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-4112
to the following vulnerability:
Cacti 0.8.7e and earlier allows remote authenticated administrators to
gain privileges by modifying the "Data Input Method" for the "Linux -
Get Memory Usage" setting to contain arbitrary commands.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4112
http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0292.html
http://www.securityfocus.com/bid/37137
More issue details from the full-disclosure post by Moritz Naumann:
5. Privilege escalation
Finally, due to the permissive way the web interface allows
Cacti to be configured, a cacti administrator is also able
to execute arbitrary command
http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0292.html
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html
http://www.openwall.com/lists/oss-security/2009/11/26/1
http://www.openwall.com/lists/oss-security/2009/11/30/2
http://www.securityfocus.com/archive/1/508129/100/0/threaded
http://www.securityfocus.com/bid/37137
https://exchange.xforce.ibmcloud.com/vulnerabilities/54473
Published: 2009-11-30