NaviSec Discovers Critical Zero-Day Exploit for Cacti Services

NaviSec discovered a critical zero-day exploit affecting all versions of Cacti services prior to release 1.2.20. Successful exploitation can allow unauthorized access to sensitive information.

TAMPA, Fla., April 9, 2022 /PRNewswire-PRWeb/ — While conducting offensive security testing for a third-party client, NaviSec’s Delta Team discovered a critical zero-day exploit for all versions of Cacti services prior to v1.2.20. Upon discovery, NaviSec reported the vulnerability to Cacti and worked with them to patch it. Cacti has now released an update that closes the vulnerability.

CVSSv3 Base Score: 9.8 Critical
CVE-2022-0730 publicly exposes at least 5000 installations. Internal installations are also affected by this vulnerability. Successful exploitation would lead to unauthorized access to sensitive information within the Cacti installation.

When LDAP authentication is enabled, authentication can be bypassed, which results in unauthorized access to the service. Depending on the configuration, this might result in administrative access to the Cacti server. A successful exploit would allow adversaries to access sensitive data and to modify or potentially delete information, heavily impacting confidentiality, integrity and availability.

Cacti is open-source and web-based software used as:
· a performance and fault management framework and a frontend to RRDTool
· a stack web application supported on Linux, Apache, MySQL, PHP, and Windows

All versions of Cacti prior to v1.2.20 are impacted by the vulnerability, including v1.2.19, which was released October 29, 2021.

Cacti’s most recent update patches this vulnerability. It can be accessed here.

Media Contact

Dick Driver, NaviSec, 1 8137510523, [email protected]

 

SOURCE NaviSec
