Warning: Cacti Has a Severe RCE Vulnerability, Patch Immediately!
CVE-2024-29895: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2024-31459: CVSS N/A
CVE-2024-31445: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2024-25641: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Sources
https://github.com/Cacti/cacti/security/advisories/GHSA-cr28-x256-xf5m
Risks
Servers running Cacti are exposed to a remote code execution (RCE) vulnerability.
Description
A security vulnerability has been identified in the cmd_realtime.php file within the Cacti software when the PHP setting register_argc_argv is set to On. This vulnerability can be exploited remotely via the Cacti web interface, allowing an attacker to execute arbitrary commands on the Cacti server. By leveraging these commands, the attacker could download and execute additional code, gaining full control over the server.
The attack’s complexity is low, which means that an attacker only requires basic skills to successfully carry it out.
Cacti is commonly used for monitoring other systems, which means that compromising the Cacti server could also grant the attacker access to other networked systems and services.
Recommended actions
Patch
The Centre for Cybersecurity Belgium strongly recommends:
- to update the Cacti software as soon as possible to the latest version of 1.3.x DEV;
- to make sure that the web interface is only exposed on trusted networks.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise. Check the webserver’s access logs for untrusted IP addresses that might have accessed the file cmd_realtime.php and check for suspicious or unexpected activity performed by the user ID that runs the Cacti software.
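The log check described above, as an added example that is not part of this advisory: it parses constructed access log lines in the common combined format, flags every request for cmd_realtime.php (query string and letter case ignored) whose client address is outside a trusted range, and counts hits per source. The trusted ranges, the sample log lines and the file layout are assumptions for the example; replace them with the organisation's own networks and log paths.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample access log lines (combined format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [10/May/2024:08:01:12 +0000] "GET /cacti/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.77 - - [10/May/2024:08:02:40 +0000] "GET /cacti/cmd_realtime.php?a=1 HTTP/1.1" 200 210 "-" "curl/8.4.0"
10.0.0.5 - - [10/May/2024:08:03:01 +0000] "GET /cacti/cmd_realtime.php HTTP/1.1" 200 180 "-" "Mozilla/5.0"
198.51.100.9 - - [10/May/2024:08:04:15 +0000] "POST /cacti/CMD_REALTIME.PHP HTTP/1.1" 200 99 "-" "python-requests/2.31"
"""

# Assumed trusted networks for this example; use the organisation's own ranges.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def is_trusted(ip: str) -> bool:
    """True if the client address lies inside one of the trusted networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed address: treat as untrusted
    return any(addr in net for net in TRUSTED_NETS)


def find_untrusted_hits(log_text: str, target: str = "cmd_realtime.php"):
    """Return (ip, timestamp, raw path) for each request to the target file from an untrusted address."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not in combined log format; skip
        path = m.group("path").split("?", 1)[0]  # drop the query string before comparing
        # Compare case-insensitively so mixed-case requests for the same file are not missed
        if path.lower().endswith(target) and not is_trusted(m.group("ip")):
            hits.append((m.group("ip"), m.group("ts"), m.group("path")))
    return hits


def summarise(hits):
    """Count untrusted hits per source address, most active first."""
    return Counter(ip for ip, _, _ in hits).most_common()


if __name__ == "__main__":
    found = find_untrusted_hits(SAMPLE_LOG)
    for ip, ts, path in found:
        print(f"{ts} {ip} -> {path}")
    print(summarise(found))
```

A hit from an untrusted address is a reason to review what the Cacti service account did around that timestamp, not proof of compromise on its own.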