Security News > 2023 > January > Hackers exploit Cacti critical bug to install malware, open reverse shells

More than 1,600 instances of the Cacti device monitoring tool reachable over the internet are vulnerable to a critical security issue that hackers have already started to exploit.
In early December 2022, a security advisory warned of a critical command injection vulnerability in Cacti that could be exploited without authentication.
Another exploit installed was IRC botnet that opened a reverse shell on the host and instructed it to run port scans.
In a report from Censys attack surface search platform for Internet-connected devices, there are 6,427 Cacti hosts exposed on the web.
The company could count 1,637 Cacti hosts reachable over the web that were vulnerable to CVE-2022-46169, many of them running version 1.1.38 of the monitoring solution, released in April 2021.
Of all Cacti hosts for which Censys could determine the version number, only 26 were running an updated release that was not vulnerable to the critical flaw.
News URL
Related news
- Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised (source)
- Critical flaw in Next.js lets hackers bypass authorization (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert! (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features (source)
- Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images (source)
- Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp (source)
- Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-05 | CVE-2022-46169 | Incorrect Authorization vulnerability in Cacti Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. | 9.8 |