CVSS: 9.8 (CRITICAL)
EPSS: 94.5% (100th percentile)
CISA KEV: Public Exploit, Exploited in Wild
CISA Required Action: Apply updates per vendor instructions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

NVD: cacti/cacti < 1.2.23
Debian: cacti < 1.2.16+ds1-2+deb11u1+3
Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. The vulnerability resides in the `remote_agent.php` file. This file can be accessed without authentication. This function retrieves the IP address of the clien...

🔴Vulnerability Details (7)

nvd_references: Correct issue with PHP 5.4 (2022-12-05)
OSV: CVE-2022-46169: Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users (2022-12-05)
GitHub: Correct issue with PHP 5.4 (2022-12-05)
GitHub: Merge pull request from GHSA-6p93-p743-35gf (2022-12-05)
nvd_references: Merge pull request from GHSA-6p93-p743-35gf (2022-12-05)

💥Exploits & PoCs (3)

Exploit-DB: Cacti v1.2.22 - Remote Command Execution (RCE) (2023-03-31)
Nuclei: Cacti <=1.2.22 - Remote Command Injection
Metasploit: Cacti 1.2.22 unauthenticated command injection

🔍Detection Rules (2)

Suricata: ET EXPLOIT Possible Cacti Unauthenticated RCE Inbound M2 (CVE-2022-46169) (2022-12-26)
Suricata: ET EXPLOIT Possible Cacti Unauthenticated RCE Inbound M1 (CVE-2022-46169) (2022-12-26)

📋Vendor Advisories (3)

Ubuntu: Cacti vulnerability (2025-01-23)
CISA: Cacti Command Injection Vulnerability (2023-02-16)
Debian: CVE-2022-46169: cacti - Cacti is an open source platform which provides a robust and extensible operatio... (2022)

🕵️Threat Intelligence (1)

Unit42: Network Security Trends: November 2022-January 2023 (2023-05-02)

📄Research Papers (1)

CTF: MonitorsTwo / README