Upstream information
Description
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, an arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having the "Import Templates" permission to execute arbitrary PHP code on the web server. The vulnerability is located within the `import_package()` function defined into the `/lib/import.php` script. The function blindly trusts the filename and file content provided within the XML data, and writes such files into the Cacti base path (or even outside, since path traversal sequences are not filtered). This can be exploited to write or overwrite arbitrary files on the web server, leading to execution of arbitrary PHP code or other security impacts. Version 1.2.27 contains a patch for this issue.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having critical severity.
CNA (GitHub) | National Vulnerability Database | |
---|---|---|
Base Score | 9.1 | 7.2 |
Vector | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Attack Vector | Network | Network |
Attack Complexity | Low | Low |
Privileges Required | High | High |
User Interaction | None | None |
Scope | Changed | Unchanged |
Confidentiality Impact | High | High |
Integrity Impact | High | High |
Availability Impact | High | High |
CVSSv3 Version | 3.1 | 3.1 |
SUSE Security Advisories:
- openSUSE-SU-2024:0274-1, published Mon Sep 2 16:48:16 2024
- openSUSE-SU-2024:0276-1, published Tue Sep 3 00:48:11 2024
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Package Hub 12 |
| Patchnames: openSUSE-2024-274 |
SUSE Package Hub 15 SP5 |
| Patchnames: openSUSE-2024-274 |
SUSE Package Hub 15 SP6 |
| Patchnames: openSUSE-2024-276 |
openSUSE Leap 15.5 |
| Patchnames: openSUSE-2024-274 |
openSUSE Leap 15.6 |
| Patchnames: openSUSE-2024-276 |
openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2024-13962 |
SUSE Timeline for this CVE
CVE page created: Tue May 14 18:08:57 2024CVE page last modified: Thu Dec 19 11:55:44 2024