CVE-2023-39358
Published 2023-09-05
Priority P2 / 58 · High · CVSS 3.1 base score 8.8
EPSS 1.69% (74.2th percentile)
Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the `reports_user.php` file. In `ajax_get_branches`, the `tree_id` parameter is passed to the `reports_get_branch_select` function without any validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected (7 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cacti | cacti | < 1.2.25 | 1.2.25 |
| cacti | cacti | >= 0 < 1.2.24+ds1-1+deb12u1 | 1.2.24+ds1-1+deb12u1 |
| cacti | cacti | >= 0 < 1.2.25+ds1-1 | 1.2.25+ds1-1 |
| cacti | cacti | >= 0 < 1.2.25+ds1-1 | 1.2.25+ds1-1 |
| debian | cacti | < cacti 1.2.24+ds1-1+deb12u1 (bookworm) | cacti 1.2.24+ds1-1+deb12u1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
Detection & IOCs (extracted from sources)
- Vulnerable file is `reports_user.php`; monitor for SQL injection attempts targeting this file, specifically in the `ajax_get_branches` function via the `tree_id` parameter.
- Exploitation requires authentication; focus detection on authenticated sessions making requests to `reports_user.php` with anomalous `tree_id` values (e.g., SQL metacharacters, UNION/SELECT payloads).
- Fixed in Cacti version 1.2.25 (and 1.2.24+ds1-1+deb12u1 for Debian bookworm); instances running versions prior to 1.2.25 remain vulnerable.
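The two checks above (anomalous `tree_id` values sent to `reports_user.php`, and upstream versions below 1.2.25), as an added Python example that is not from the advisory or the Cacti project. The access-log lines are constructed, the combined log format is assumed, and the assumption that a legitimate `tree_id` is a plain integer is mine, not stated on the page.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format, not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [05/Sep/2023:10:01:02 +0000] "GET /cacti/reports_user.php?action=ajax_get_branches&tree_id=3 HTTP/1.1" 200 512
10.0.0.7 - - [05/Sep/2023:10:01:09 +0000] "GET /cacti/reports_user.php?action=ajax_get_branches&tree_id=3%27%20OR%201%3D1 HTTP/1.1" 200 9031
10.0.0.9 - - [05/Sep/2023:10:02:11 +0000] "GET /cacti/graph_view.php?tree_id=abc HTTP/1.1" 200 100
10.0.0.7 - - [05/Sep/2023:10:03:40 +0000] "GET /cacti/reports_user.php?tree_id=2%20UNION%20SELECT%201 HTTP/1.1" 200 7000
"""

# Client IP, timestamp, method and request target of a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
INT_RE = re.compile(r'^[0-9]+$')  # assumption: a benign tree_id is a bare integer


def tree_id_findings(log_text):
    """Return (ip, timestamp, decoded tree_id) for every reports_user.php request
    whose tree_id parameter is not a plain integer. Requests to other files,
    and well-formed numeric tree_id values, are ignored."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m['target'])
        if parts.path.rsplit('/', 1)[-1] != 'reports_user.php':
            continue
        # parse_qs percent-decodes once; unquote again to catch double-encoded values.
        for raw in parse_qs(parts.query, keep_blank_values=True).get('tree_id', []):
            value = unquote(raw)
            if not INT_RE.match(value):
                findings.append((m['ip'], m['ts'], value))
    return findings


def upstream_version_vulnerable(version):
    """True if an upstream Cacti version string sorts below the 1.2.25 fix.
    Upstream strings only: Debian bookworm shipped the fix as 1.2.24+ds1-1+deb12u1,
    which this purely numeric comparison would misclassify as vulnerable."""
    nums = tuple(int(p) for p in re.findall(r'\d+', version.split('+')[0]))
    return nums < (1, 2, 25)


if __name__ == '__main__':
    for ip, ts, value in tree_id_findings(SAMPLE_LOG):
        print(f'{ts} {ip} anomalous tree_id={value!r}')
```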
CVSS provenance
- nvd (v3.1): 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- osv: 8.8 HIGH
- vendor_debian: 8.8 HIGH
Debian (vendor_debian · 2023 · CVSS 8.8)
Scope: local
bookworm: resolved (fixed in 1.2.24+ds1-1+deb12u1)
bullseye: resolved
forky: resolved (fixed in 1.2.25+ds1-1)
sid: resolved (fixed in 1.2.25+ds1-1)
trixie: resolved (fixed in 1.2.25+ds1-1)
OSV (osv · 2023-09-05 · CVSS 8.8)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://github.com/Cacti/cacti/security/advisories/GHSA-gj95-7xr8-9p7g
- https://lists.fedoraproject.org/archives/list/[email protected]/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/