Security News > 2023 > January > Cacti servers under attack by attackers exploiting CVE-2022-46169
If you're running the Cacti network monitoring solution and you haven't updated it since early December, now is the time to do it to foil attackers exploiting a critical command injection flaw.
Cacti is an open-source front-end app for RRDtool, a system for logging and graphing time series data, i.e., data from sensors and systems that is recorded / collected at regular intervals to create an evolving picture of what one wants to monitor.
Cacti is usually deployed to monitor network operations and resolve problems arising from things like hardware failure or loss of connectivity.
CVE-2022-46169 is a command injection vulnerability that "Allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device."
According to Censys, there are 6,427 Cacti hosts exposed on the internet, though it's difficult to tell how many are vulnerable.
Admins of Cacti servers who have failed to do all that should check their installation for compromise.
News URL
https://www.helpnetsecurity.com/2023/01/16/exploiting-cve-2022-46169/
Related news
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-05 | CVE-2022-46169 | Incorrect Authorization vulnerability in Cacti Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. | 9.8 |