Security News > 2023 > January > Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability

A majority of internet-exposed Cacti servers have not been patched against a recently patched critical security vulnerability that has come under active exploitation in the wild.
That's according to attack surface management platform Censys, which found only 26 out of a total of 6,427 servers to be running a patched version of Cacti.
A majority of the unpatched versions are located in Brazil, followed by Indonesia, the U.S., China, Bangladesh, Russia, Ukraine, the Philippines, Thailand, and the U.K. SugarCRM Flaw Actively Exploited to Drop Web Shells#.
The development comes as SugarCRM shipped fixes for a publicly disclosed vulnerability that has also been actively weaponized to drop a PHP-based web shell on 354 unique hosts, Censys said in an independent advisory.
In the attacks detailed by Censys, the web shell is used as a conduit to execute additional commands on the infected machine with the same permissions as the user running the web service.
A majority of the infections have been reported in the U.S., Germany, Australia, France, and the U.K. It's not uncommon for malicious actors to capitalize on newly disclosed vulnerabilities to carry out their attacks, making it imperative that users move quickly plug the security holes.
News URL
https://thehackernews.com/2023/01/cacti-servers-under-attack-as-majority.html
Related news
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)