CVE-2010-1645 — Improper Input Validation in Cacti

CWE-20 — Improper Input Validation7 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

2.8%

top 13.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cacti Debian Cacti

Timeline

PublishedAug 23

Latest updateMay 17

Description

Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/cacti< cacti 0.8.7g-1 (bookworm)

▶Debiancacti/cacti< 0.8.7g-1+3

▶NVDcacti/cacti0.8.7e+36

🔴Vulnerability Details

GHSA

GHSA-3cv5-x4w9-vjq6: Cacti before 0↗2022-05-17

▶

OSV

CVE-2010-1645: Cacti before 0↗2010-08-23

▶

📋Vendor Advisories

Red Hat

cacti: multiple command injection flaws (BONSAI-2010-0105)↗2010-05-20

▶

Debian

CVE-2010-1645: cacti - Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solutio...↗2010

▶

💬Community

Bugzilla

CVE-2010-1645 cacti: multiple command injection flaws (BONSAI-2010-0105)↗2010-06-29

▶

Bugzilla

CVE-2010-1644 CVE-2010-1645 CVE-2010-2092 Cacti v0.8.7f - three security fixes↗2010-05-24

▶