Threat Signal Report
Command Injection Vulnerability (CVE-2022-46169) in Cacti Being Exploited in the Wild
Description
FortiGuard Labs is aware of a report that a recently patched vulnerability in the Cacti network monitoring and management suite is being exploited in the wild. The vulnerability (CVE-2022-46169) is a command injection vulnerability that allows a remote, unauthenticated user to execute arbitrary code on a server running a vulnerable version of Cacti.
Why is this Significant?
This is significant because, although recently patched, CVE-2022-46169 is reported to have been exploited in the wild. The vulnerability is in Cacti, which is open-source software for monitoring network devices and graphically displaying the collected information.
What is CVE-2022-46169?
CVE-2022-46169 is a vulnerability in the Cacti network monitoring and management suite that a remote, unauthenticated attacker could exploit by sending a crafted HTTP request. Successful exploitation could result in arbitrary system command execution in the context of the target system.
The vulnerability is rated critical and has a CVSS score of 9.8.
Has the Vendor Released an Advisory for CVE-2022-46169?
Yes, the advisory is publicly available. See the Appendix for a link to "Unauthenticated Command Injection".
What Version of Cacti is Vulnerable?
The advisory released by Cacti lists 1.2.22 as a vulnerable version.
Has the Vendor Released a Patch for CVE-2022-46169?
Yes, the patch was released in v1.2.23 and v1.3.0 on December 5, 2022.
What is the Status of Protection?
FortiGuard Labs has the following IPS signature in place for
- Cacti.remote_agent.php.Remote.Command.Execution (default action is set to "pass")