FortiGuard Labs is aware of a report that a recently patched vulnerability in the Cacti network monitoring and management suite is being exploited in the wild. The vulnerability (CVE-2022-46169) is a command injection vulnerability that allows a remote, unauthenticated user to execute arbitrary code on a server running vulnerable version of Cacti.
Why is this Significant?
This is significant because, although recently patched, CVE-2022-46169 is reported to have been exploited in the wild. The vulnerability is in Cacti, which is an open-source software for monitoring network devices and graphically displaying collected information.
What is CVE-2022-46169?
CVE-2022-46169 is a vulnerability in the Cacti network monitoring and management that a remote, unauthenticated attacker could exploit by sending a crafted HTTP request. Successful exploitation could result in arbitrary system command execution under the context of the target system.
The vulnerability is rated critical and has a CVSS score of 9.8.
Has the Vendor Released an Advisory for CVE-2022-46169?
Yes, the advisory is publicly available. See the Appendix for a link to "Unauthenticated Command Injection".
What Version of Cacti is Vulnerable?
The advisory released by Cacti lists 1.2.22 as a vulnerable version.
Has the Vendor Released a Patch for CVE-2022-46169?
Yes, the patch was released in v1.2.23 and v1.3.0 on December 5, 2022.
What is the Status of Protection?
FortiGuard Labs has the following IPS signature in place for
- Cacti.remote_agent.php.Remote.Command.Execution (default action is set to "pass")
In affected versions of Cacti v1.2.22, a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti. Gaining access to the Cacti instance of an organization could give attackers with the opportunity to learn about the types of devices on the network and their local IP addresses.