Описание
Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.2.30+ds1-1ubuntu1 |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/noble | needs-triage | |
| esm-apps/xenial | needs-triage | |
| esm-infra-legacy/trusty | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| jammy | needs-triage | |
| noble | needs-triage |
Показывать по
EPSS
9.1 Critical
CVSS3
Связанные уязвимости
Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29.
Cacti is an open source performance and fault management framework. Du ...
Уязвимость функций ss_net_snmp_disk_io() и ss_net_snmp_disk_bytes() программного средства мониторинга сети Cacti, позволяющая нарушителю выполнить произвольный код
EPSS
9.1 Critical
CVSS3