Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-4112 — Cacti vulnerability

CWE-2648 documents7 sources

Severity

9.0CRITICALNVD

EPSS

8.0%

top 7.91%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Cacti Debian Cacti

Timeline

PublishedNov 30

Latest updateMay 2

Description

Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/cacti< cacti 1.2.1+ds1-1 (bookworm)

▶Debiancacti/cacti< 1.2.1+ds1-1+3

▶NVDcacti/cacti0.8.7e+15

🔴Vulnerability Details

GHSA

GHSA-p256-rcj4-whc9: Cacti 0↗2022-05-02

▶

OSV

CVE-2009-4112: Cacti 0↗2009-11-30

▶

💥Exploits & PoCs

Exploit-DB

Joomla! Component ProofReader 1.0 RC9 - Cross-Site Scripting↗2009-11-16

▶

📋Vendor Advisories

Red Hat

Cacti: Privilege escalation under certain conditions↗2009-11-25

▶

Debian

CVE-2009-4112: cacti - Cacti 0.8.7e and earlier allows remote authenticated administrators to gain priv...↗2009

▶

💬Community

Bugzilla

cacti: arbitrary command injection vulnerability↗2010-04-26

▶

Bugzilla

CVE-2009-4112 Cacti: Privilege escalation under certain conditions↗2009-12-01

▶