CVE-2016-2313 — Cacti vulnerability

CWE-26410 documents5 sources

Severity

8.8HIGHNVD

EPSS

1.1%

top 22.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cacti Debian Cacti Opensuse Leap +1 more

Timeline

PublishedApr 13

Latest updateMay 17

Description

auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶NVDcacti/cacti< 1.0.0+1

▶debiandebian/cacti< cacti 0.8.8h+ds1-5 (bookworm)+1

▶Debiancacti/cacti< 0.8.8h+ds1-5+7

▶NVDopensuse/leap42.1

▶NVDopensuse/opensuse13.1, 13.2+1

🔴Vulnerability Details

GHSA

GHSA-72gr-g5cr-jq69: auth_login↗2022-05-17

▶

GHSA

GHSA-hqj3-mvg5-35g5: auth_login↗2022-05-14

▶

OSV

CVE-2016-10700: auth_login↗2017-11-24

▶

OSV

CVE-2016-2313: auth_login↗2016-04-13

▶

📋Vendor Advisories

Debian

CVE-2016-10700: cacti - auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use w...↗2016

▶

Debian

CVE-2016-2313: cacti - auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use ...↗2016

▶

💬Community

Bugzilla

CVE-2016-2313 cacti: authentication bypass↗2016-02-11

▶

Bugzilla

CVE-2016-2313 cacti: authentication bypass [epel-all]↗2016-02-11

▶