CVE-2023-39361

Опубликовано: 05 сент. 2023

Источник: ubuntu

Приоритет: high

EPSS Критический

CVSS3: 9.8

Описание

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an enabled state, there could be the potential for significant damage. Attackers may exploit this vulnerability, and there may be possibilities for actions such as the usurpation of administrative privileges or remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Релиз	Статус	Примечание
bionic	ignored	end of standard support
devel	released	1.2.25+ds1-2
esm-apps/bionic	not-affected	code not present
esm-apps/focal	not-affected	code not present
esm-apps/jammy	released	1.2.19+ds1-2ubuntu1+esm1
esm-apps/noble	released	1.2.25+ds1-2
esm-apps/xenial	not-affected	code not present
esm-infra-legacy/trusty	not-affected	code not present
focal	not-affected	code not present
jammy	needed

Показывать по

Ссылки на источники

EPSS

Процентиль: 100%

0.92278

Критический

9.8 Critical

CVSS3

Связанные уязвимости

CVE-2023-39361

CVSS3: 9.8

nvd

больше 2 лет назад

CVE-2023-39361

CVSS3: 9.8

debian

больше 2 лет назад

Cacti is an open source operational monitoring and fault management fr ...

BDU:2023-05532

CVSS3: 9.8

fstec

больше 2 лет назад

Уязвимость функции grow_right_pane_tree() (graph_view.php) программного средства мониторинга сети Cacti, позволяющая нарушителю выполнить произвольные SQL-запросы

openSUSE-SU-2023:0275-1

suse-cvrf

больше 2 лет назад

Security update for cacti, cacti-spine

EPSS

Процентиль: 100%

0.92278

Критический

9.8 Critical

CVSS3

CVE-2023-39361

Описание

Пакет cacti

Ссылки на источники

Связанные уязвимости