CVE-2023-39357
Published 2023-09-05
Priority: P259 · Severity: high · Score: 8.8 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.54% (71.8th percentile)
Cacti is an open source operational monitoring and fault management framework. A defect in the sql_save function was discovered. When the column type is numeric, the sql_save function directly utilizes user input. Many files and functions calling the sql_save function do not perform prior validation of user input, leading to the existence of multiple SQL injection vulnerabilities in Cacti. This allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cacti | cacti | < 1.2.25 | 1.2.25 |
| cacti | cacti | — | — |
| cacti | cacti | >= 0 < 1.2.16+ds1-2+deb11u2 | 1.2.16+ds1-2+deb11u2 |
| cacti | cacti | >= 0 < 1.2.24+ds1-1+deb12u1 | 1.2.24+ds1-1+deb12u1 |
| cacti | cacti | >= 0 < 1.2.25+ds1-1 | 1.2.25+ds1-1 |
| cacti | cacti | >= 0 < 1.2.25+ds1-1 | 1.2.25+ds1-1 |
| debian | cacti | < cacti 1.2.24+ds1-1+deb12u1 (bookworm) | cacti 1.2.24+ds1-1+deb12u1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
Detection & IOCs (extracted from sources)
- Vulnerability resides in the `sql_save` function in Cacti — monitor for SQL injection attempts targeting numeric column inputs passed directly from user-controlled data without prior validation.
- Exploitation requires authentication; alert on authenticated Cacti sessions performing anomalous SQL-like payloads in numeric parameter fields, potentially followed by privilege escalation or RCE activity.
- Vulnerability is fixed in Cacti version 1.2.25; Debian-specific fixes are available per release (bookworm: 1.2.24+ds1-1+deb12u1, bullseye: 1.2.16+ds1-2+deb11u2, forky/sid/trixie: 1.2.25+ds1-1). No workarounds exist — upgrade is the only remediation.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 8.8 | HIGH | — |
| vendor_debian | — | 8.8 | HIGH | — |
OSV
CVE-2023-39357: Cacti is an open source operational monitoring and fault management framework
osv·2023-09-05·CVSS 8.8
Debian
CVE-2023-39357: cacti - Cacti is an open source operational monitoring and fault management framework. A...
vendor_debian·2023·CVSS 8.8
Scope: local
bookworm: resolved (fixed in 1.2.24+ds1-1+deb12u1)
bullseye: resolved (fixed in 1.2.16+ds1-2+deb11u2)
forky: resolved (fixed in 1.2.25+ds1-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://github.com/Cacti/cacti/security/advisories/GHSA-6jhp-mgqg-fhqg
- https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/
- https://www.debian.org/security/2023/dsa-5550