CVE-2024-31445
Published: 2024-05-14
Priority P270 · high · CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 26.15% (97.7th percentile)
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in the `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to perform privilege escalation and remote code execution. At line 856 of `api_automation.php`, `get_request_var('filter')` is concatenated into the SQL statement without any sanitization. At line 717 of the same file, the filter applied to `'filter'` is `FILTER_DEFAULT`, which means the value is not filtered at all. Version 1.2.27 contains a patch for the issue.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cacti | cacti | < 1.2.27 | 1.2.27 |
| cacti | cacti | >= 0 < 1.2.16+ds1-2+deb11u4 | 1.2.16+ds1-2+deb11u4 |
| cacti | cacti | >= 0 < 1.2.24+ds1-1+deb12u3 | 1.2.24+ds1-1+deb12u3 |
| cacti | cacti | >= 0 < 1.2.27+ds1-1 | 1.2.27+ds1-1 |
| cacti | cacti | >= 0 < 1.2.27+ds1-1 | 1.2.27+ds1-1 |
| cacti | cacti | >= 0 < 1.2.10+ds1-1ubuntu1.1 | 1.2.10+ds1-1ubuntu1.1 |
| cacti | cacti | >= 0 < 1.2.19+ds1-2ubuntu1.1 | 1.2.19+ds1-2ubuntu1.1 |
| cacti | cacti | >= 0 < 1.2.26+ds1-1ubuntu0.1 | 1.2.26+ds1-1ubuntu0.1 |
| cacti | cacti | >= 0 < 0.8.8b+dfsg-5ubuntu0.2+esm2 | 0.8.8b+dfsg-5ubuntu0.2+esm2 |
| cacti | cacti | >= 0 < 0.8.8f+ds1-4ubuntu4.16.04.2+esm2 | 0.8.8f+ds1-4ubuntu4.16.04.2+esm2 |
| cacti | cacti | >= 0 < 1.1.38+ds1-1ubuntu0.1~esm3 | 1.1.38+ds1-1ubuntu0.1~esm3 |
| debian | cacti | < cacti 1.2.24+ds1-1+deb12u3 (bookworm) | cacti 1.2.24+ds1-1+deb12u3 (bookworm) |
| fedoraproject | fedora | — | — |
Detection & IOCs (extracted from sources)
- SQL injection occurs in the `automation_get_new_graphs_sql` function within `api_automation.php`; monitor for anomalous SQL payloads in requests targeting this endpoint.
- The unsanitized user-controlled input is the `filter` request variable; inspect HTTP request parameters named `filter` sent to `api_automation.php` for SQL metacharacters or injection patterns.
- The `filter` parameter uses `FILTER_DEFAULT` (no filtering) at line 717 of `api_automation.php`, making it a reliable injection point; flag any non-alphanumeric SQL syntax in this parameter.
- Exploitation can lead to privilege escalation and remote code execution; correlate SQL injection attempts against `api_automation.php` with subsequent unexpected process spawning or privilege changes on the Cacti host.
- Exploitation requires authentication; unauthenticated access alone is not sufficient. Monitor for authenticated sessions abusing the `filter` parameter.
- The vulnerability is present in Cacti versions prior to 1.2.27; Debian stable (bookworm) backported the fix into 1.2.24+ds1-1+deb12u3, so version checks must account for distro-patched builds.
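The last point above, as an added example (not part of the original page and not Cacti or Debian code): a check that compares an installed package version against the per-suite fixed version using dpkg's ordering rules, because comparing only against upstream 1.2.27 would report the patched bookworm build as vulnerable. The `FIXED_IN` values are copied from this page; the function names and the `upstream` key are assumptions of this example.

```python
import re

# Fixed versions as listed on this page; "upstream" is this example's own key.
FIXED_IN = {
    "upstream": "1.2.27",
    "bullseye": "1.2.16+ds1-2+deb11u4",
    "bookworm": "1.2.24+ds1-1+deb12u3",
    "forky": "1.2.27+ds1-1",
}

def _order(s, i):
    # dpkg character weight: end/digit = 0, '~' sorts first, letters before symbols
    if i >= len(s) or s[i].isdigit():
        return 0
    if s[i] == "~":
        return -1
    return ord(s[i]) if s[i].isalpha() else ord(s[i]) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs, as dpkg does
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            d = _order(a, i) - _order(b, j)
            if d:
                return d
            i, j = i + 1, j + 1
        na = re.match(r"\d*", a[i:]).group()
        nb = re.match(r"\d*", b[j:]).group()
        d = int(na or 0) - int(nb or 0)
        if d:
            return d
        i, j = i + len(na), j + len(nb)
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; the revision follows the last hyphen
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def dpkg_compare(v1, v2):
    # Negative, zero or positive, like dpkg's own version comparison
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return (e1 - e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def is_patched(installed, suite):
    return dpkg_compare(installed, FIXED_IN[suite]) >= 0
```

`is_patched("1.2.24+ds1-1+deb12u3", "bookworm")` is true even though the upstream part of that version sorts below 1.2.27; one revision earlier (`+deb12u2`) is reported as unpatched.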
CVSS provenance
- nvd (v3.1): 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- osv: 8.8 HIGH
- vendor_ubuntu: 9.1 CRITICAL
- vendor_debian: 8.8 HIGH
Ubuntu
Cacti vulnerabilities
vendor_ubuntu·2024-08-20·CVSS 9.1
CVE-2024-29894 [CRITICAL] Cacti vulnerabilities
Title: Cacti vulnerabilities
Summary: Several security issues were fixed in Cacti.
It was discovered that Cacti did not properly apply checks to the "Package
Import" feature. An attacker could possibly use this issue to perform
arbitrary code execution. This issue only affected Ubuntu 24.04 LTS, Ubuntu
22.04 LTS, Ubuntu 20.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-25641)
It was discovered that Cacti did not properly sanitize values when using
javascript based API. A remote attacker could possibly use this issue to
inject arbitrary javascript code resulting into cross-site scripting
vulnerability. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-29894)
It was discovered that Cacti did not properly sanitize values when managing
data queries. A remote attacker could possibly use this iss
Debian
CVE-2024-31445: cacti - Cacti provides an operational monitoring and fault management framework. Prior t...
vendor_debian·2024·CVSS 8.8
Scope: local
bookworm: resolved (fixed in 1.2.24+ds1-1+deb12u3)
bullseye: resolved (fixed in 1.2.16+ds1-2+deb11u4)
forky: resolved (fixed in 1.2.27+ds1-1)
sid: resolved
OSV
cacti vulnerabilities
osv·2024-08-20·CVSS 7.2
CVE-2024-25641 [HIGH] cacti vulnerabilities
cacti vulnerabilities
It was discovered that Cacti did not properly apply checks to the "Package
Import" feature. An attacker could possibly use this issue to perform
arbitrary code execution. This issue only affected Ubuntu 24.04 LTS, Ubuntu
22.04 LTS, Ubuntu 20.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-25641)
It was discovered that Cacti did not properly sanitize values when using
javascript based API. A remote attacker could possibly use this issue to
inject arbitrary javascript code resulting into cross-site scripting
vulnerability. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-29894)
It was discovered that Cacti did not properly sanitize values when managing
data queries. A remote attacker could possibly use this issue to inject
arbitrary javascript code resulting into cross-si
OSV
CVE-2024-31445: Cacti provides an operational monitoring and fault management framework
osv·2024-05-14·CVSS 8.8
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L717
- https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/lib/api_automation.php#L856
- https://github.com/Cacti/cacti/commit/fd93c6e47651958b77c3bbe6a01fff695f81e886
- https://github.com/Cacti/cacti/security/advisories/GHSA-vjph-r677-6pcc
- https://lists.debian.org/debian-lts-announce/2024/09/msg00027.html
- https://lists.fedoraproject.org/archives/list/[email protected]/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
Published: 2024-05-14