CVE-2014-2328 — Cacti vulnerability

8 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

1.1%

top 21.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cacti Debian Cacti Debian Linux +2 more

Timeline

PublishedApr 23

Latest updateMay 14

Description

lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages4 packages

▶debiandebian/cacti< cacti 0.8.8b+dfsg-4 (bookworm)

▶Debiancacti/cacti< 0.8.8b+dfsg-4+3

▶NVDcacti/cacti0.8.7 — 0.8.7g+1

▶NVDopensuse/opensuse13.1, 13.2+1

Also affects: Debian Linux 7.0, Fedora 19, 20

Patches

Patch: svn.cacti.net ↗Patch: svn.cacti.net ↗

🔴Vulnerability Details

GHSA

GHSA-fwg6-8jf8-3wh3: lib/graph_export↗2022-05-14

▶

OSV

CVE-2014-2328: lib/graph_export↗2014-04-23

▶

📋Vendor Advisories

Debian

CVE-2014-2328: cacti - lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenti...↗2014

▶

💬Community

Bugzilla

CVE-2015-2328 pcre: infinite recursion compiling pattern with recursive reference in a group with indefinite repeat (8.36/20)↗2015-11-25

▶

Bugzilla

CVE-2014-2327 CVE-2014-2326 CVE-2014-2328 cacti: multiple flaws reported by Deutsche Telekom [fedora-all]↗2014-04-01

▶

Bugzilla

CVE-2014-2327 CVE-2014-2326 CVE-2014-2328 cacti: multiple flaws reported by Deutsche Telekom [epel-all]↗2014-04-01

▶

Bugzilla

CVE-2014-2326 CVE-2014-2327 CVE-2014-2328 cacti: multiple flaws reported by Deutsche Telekom↗2014-03-28

▶