Security News > 2023 > April > Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation

Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation
2023-04-01 04:51

Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by various threat actors in hacks targeting unpatched systems.

CVE-2022-46169 relates to a critical authentication bypass and command injection flaw in Cacti servers that allows an unauthenticated user to execute arbitrary code.

CVE-2021-35394 also concerns an arbitrary command injection vulnerability impacting the Realtek Jungle SDK that was patched in 2021.

While the latter has been previously exploited to distribute botnets like Mirai, Gafgyt, Mozi, and RedGoBot, the development marks the first time it has been utilized to deploy MooBot, a Mirai variant known to be active since 2019.

The Cacti flaw, besides being leveraged for MooBot attacks, has also been observed serving ShellBot payloads since January 2023, when the issue came to light.

A third security vulnerability that has come under active exploitation is CVE-2022-47986, a critical YAML deserialization issue in IBM's Aspera Faspex file exchange application.


News URL

https://thehackernews.com/2023/04/cacti-realtek-and-ibm-aspera-faspex.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-02-17 CVE-2022-47986 Deserialization of Untrusted Data vulnerability in IBM Aspera Faspex 4.4.1/4.4.2
IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw.
network
low complexity
ibm CWE-502
critical
9.8
2022-12-05 CVE-2022-46169 Incorrect Authorization vulnerability in Cacti
Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users.
network
low complexity
cacti CWE-863
critical
9.8
2021-08-16 CVE-2021-35394 Unspecified vulnerability in Realtek Jungle SDK
Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary.
network
low complexity
realtek
critical
9.8

Related vendor