Vulnerabilities > CVE-2017-12065 - Unspecified vulnerability in Cacti

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

nessus

NVD

Published: 2017-08-01

Updated: 2019-10-03

Summary

spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter.

Part	Description	Count
Application	Cacti Cacti Cacti 0.8 Cacti Cacti 0.8.1 Cacti Cacti 0.8.2 Cacti Cacti 0.8.2A Cacti Cacti 0.8.3 Cacti Cacti 0.8.3A Cacti Cacti 0.8.4 Cacti Cacti 0.8.5 Cacti Cacti 0.8.5A Cacti Cacti 0.8.6 Cacti Cacti 0.8.6A Cacti Cacti 0.8.6B Cacti Cacti 0.8.6C Cacti Cacti 0.8.6D Cacti Cacti 0.8.6E Cacti Cacti 0.8.6F Cacti Cacti 0.8.6G Cacti Cacti 0.8.6H Cacti Cacti 0.8.6I Cacti Cacti 0.8.6J Cacti Cacti 0.8.6K Cacti Cacti 0.8.7 Cacti Cacti 0.8.7A Cacti Cacti 0.8.7B Cacti Cacti 0.8.7C Cacti Cacti 0.8.7D Cacti Cacti 0.8.7E Cacti Cacti 0.8.7F Cacti Cacti 0.8.7G Cacti Cacti 0.8.7H Cacti Cacti 0.8.7I Cacti Cacti 0.8.8 Cacti Cacti 0.8.8A Cacti Cacti 0.8.8B Cacti Cacti 0.8.8C Cacti Cacti 0.8.8D Cacti Cacti 0.8.8E Cacti Cacti 0.8.8F Cacti Cacti 0.8.8G Cacti Cacti 0.8.8H Cacti Cacti 1.0.0 Cacti Cacti 1.1.11 Cacti Cacti 1.1.12 Cacti Cacti 1.1.13 Cacti Cacti 1.1.14 Cacti Cacti 1.1.15	46

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2017-889.NASL
description	This update for cacti, cacti-spine fixes the following issues : - CVE-2017-12065: Possible code execution via avgnan, outlier-start, or outlier-end parameter (bsc#1051633) - CVE-2017-11691: XSS in auth_profile.php allows remote attackers to inject arbitrary JS via specially crafted HTTP Referer headers (bsc#1050950) - CVE-2017-10970: XSS Issue in link.php bsc#1047512 - CVE-2017-11163: XSS Issue in lib/html_form.php bsc#1048102 In addition, cacti and cacti-spine were updated to the current stable release 1.1.16, containing all upstream improvements and bugfixes.
last seen	2020-06-05
modified	2017-08-08
plugin id	102249
published	2017-08-08
reporter	This script is Copyright (C) 2017-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/102249
title	openSUSE Security Update : cacti / cacti-spine (openSUSE-2017-889)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2017-127E76D78D.NASL
description	- Update to 1.1.16 - CVE-2017-12065 CVE-2017-12066 Release notes: https://www.cacti.net/release_notes.php?version=1.1.16 ---- - Update to 1.1.15 Release notes: https://www.cacti.net/release_notes.php?version=1.1.15 ---- - Update to 1.1.14 Release notes: https://www.cacti.net/release_notes.php?version=1.1.14 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2017-08-10
plugin id	102327
published	2017-08-10
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/102327
title	Fedora 25 : cacti (2017-127e76d78d)

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2017-874.NASL
description	spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter. (CVE-2017-12065) Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists because of an incomplete fix (lack of the htmlspecialchars ENT_QUOTES flag) for CVE-2017-11163 . (CVE-2017-12066) Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php. (CVE-2017-10970)
last seen	2020-06-01
modified	2020-06-02
plugin id	102548
published	2017-08-18
reporter	This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/102548
title	Amazon Linux AMI : cacti (ALAS-2017-874)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201711-10.NASL
description	The remote host is affected by the vulnerability described in GLSA-201711-10 (Cacti: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Cacti. Please review the CVE identifiers referenced below for details. Impact : Remote attackers could execute arbitrary code or bypass intended access restrictions. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	104518
published	2017-11-13
reporter	This script is Copyright (C) 2017-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/104518
title	GLSA-201711-10 : Cacti: Multiple vulnerabilities

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2017-6833997D76.NASL
description	- Update to 1.1.16 - CVE-2017-12065 CVE-2017-12066 Release notes: https://www.cacti.net/release_notes.php?version=1.1.16 ---- - Update to 1.1.15 Release notes: https://www.cacti.net/release_notes.php?version=1.1.15 ---- - Update to 1.1.14 Release notes: https://www.cacti.net/release_notes.php?version=1.1.14 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-05
modified	2017-08-08
plugin id	102247
published	2017-08-08
reporter	This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/102247
title	Fedora 26 : cacti (2017-6833997d76)