CVE-2023-39362

{"id": "CVE-2023-39362", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2023-09-05T22:15:08.817", "references": [{"url": "http://packetstormsecurity.com/files/175029/Cacti-1.2.24-Command-Injection.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "[email protected]"}, {"url": "https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp", "tags": ["Exploit", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html", "source": "[email protected]"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/", "tags": ["Mailing List"], "source": "[email protected]"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/", "source": "[email protected]"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/", "tags": ["Mailing List"], "source": "[email protected]"}, {"url": "https://www.debian.org/security/2023/dsa-5550", "source": "[email protected]"}, {"url": "http://packetstormsecurity.com/files/175029/Cacti-1.2.24-Command-Injection.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/CFH3J2WVBKY4ZJNMARVOWJQK6PSLPHFH/", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/WOQFYGLZBAWT4AWNMO7DU73QXWPXTCKH/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/WZGB2UXJEUYWWA6IWVFQ3ZTP22FIHMGN/", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.debian.org/security/2023/dsa-5550", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.vicarius.io/vsociety/posts/command-injection-in-cacti-cve-2023-39362", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user, can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server. The `lib/snmp.php` file has a set of functions, with similar behavior, that accept in input some variables and place them into an `exec` call without a proper escape or validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "Cacti es un framework de monitorizaci\u00f3n operacional y gesti\u00f3n de fallos de c\u00f3digo abierto. En Cacti v1.2.24, bajo ciertas condiciones, un usuario privilegiado autenticado, puede utilizar una cadena maliciosa en las opciones SNMP de un dispositivo, realizando inyecci\u00f3n de comandos y obteniendo ejecuci\u00f3n remota de c\u00f3digo en el servidor subyacente. El fichero \"lib/snmp.php\" tiene un conjunto de funciones, con un comportamiento similar, que aceptan en entrada algunas variables y las colocan en una llamada \"exec\" sin un escape o validaci\u00f3n adecuados. Este problema se ha solucionado en la versi\u00f3n 1.2.25. Se recomienda a los usuarios que actualicen. No se conocen soluciones para esta vulnerabilidad. "}], "lastModified": "2024-11-21T08:15:14.563", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11743AE1-4C92-47E9-BDA5-764FE3984CE8", "versionEndExcluding": "1.2.25"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}