Security News > 2023 > January > Cacti servers under attack by attackers exploiting CVE-2022-46169

Cacti servers under attack by attackers exploiting CVE-2022-46169
2023-01-16 11:21

If you're running the Cacti network monitoring solution and you haven't updated it since early December, now is the time to do it to foil attackers exploiting a critical command injection flaw.

Cacti is an open-source front-end app for RRDtool, a system for logging and graphing time series data, i.e., data from sensors and systems that is recorded / collected at regular intervals to create an evolving picture of what one wants to monitor.

Cacti is usually deployed to monitor network operations and resolve problems arising from things like hardware failure or loss of connectivity.

CVE-2022-46169 is a command injection vulnerability that "Allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device."

According to Censys, there are 6,427 Cacti hosts exposed on the internet, though it's difficult to tell how many are vulnerable.

Admins of Cacti servers who have failed to do all that should check their installation for compromise.


News URL

https://www.helpnetsecurity.com/2023/01/16/exploiting-cve-2022-46169/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-12-05 CVE-2022-46169 Incorrect Authorization vulnerability in Cacti
Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users.
network
low complexity
cacti CWE-863
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cacti 1 0 53 32 5 90