Cacti servers under attack by attackers exploiting CVE-2022-46169
If you're running the Cacti network monitoring solution and you haven't updated it since early December, now is the time to do it to foil attackers exploiting a critical command injection flaw.
Cacti is an open-source front-end app for RRDtool, a system for logging and graphing time series data, i.e., data from sensors and systems that is recorded / collected at regular intervals to create an evolving picture of what one wants to monitor.
Cacti is usually deployed to monitor network operations and resolve problems arising from things like hardware failure or loss of connectivity.
CVE-2022-46169 is a command injection vulnerability that "Allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device."
According to Censys, there are 6,427 Cacti hosts exposed on the internet, though it's difficult to tell how many are vulnerable.
Admins of Cacti servers who have failed to do all that should check their installation for compromise.
News URL
https://www.helpnetsecurity.com/2023/01/16/exploiting-cve-2022-46169/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-05 | CVE-2022-46169 | Incorrect Authorization vulnerability in Cacti. Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. | 9.8 |