CVE-2023-39361
CACTI UP TO 1.2.24 GRAPH _ VIEW.PHP SQL INJECTION
DESCRIPTION
Cacti is an open-source operational monitoring and fault management framework. Affected versions of Cacti suffer from a SQL injection vulnerability found within the graph_view.php file. This means there is a security loophole in the software that allows SQL injection attacks.
One crucial aspect is that guest users can access graph_view.php by default without the need for authentication (login or identification). This means that anyone, including attackers, can access this page without restrictions.
In situations where guest users are enabled and do not require authentication, this vulnerability has the potential for serious impact. Attackers can exploit it to perform various harmful actions, such as taking over administrative privileges or even remotely executing code on vulnerable systems.
This vulnerability is classified as critical and potentially damaging. It occurs in a portion of code within the graph_view.php file that is not properly sanitized. Manipulation with unknown input can lead to SQL injection vulnerability. Due to its serious potential impact, this vulnerability has a high severity score on the severity scale at nvd.nist.gov, which is 9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
AFFECTED SYSTEMS
The systems affected by the CVE-2023-39361 vulnerability in Cacti are those running Cacti software up to version 1.2.24. More specifically, this vulnerability affects Cacti installations that allow guest access to the graph_view.php file without requiring authentication (login).
VULNERABILITY IMPACT
SQL Injection Vulnerability Exploitation: Attackers who successfully exploit this vulnerability can execute unauthorized SQL commands on the database used by Cacti. This can result in unauthorized access, data modification, or even database corruption.
• Sensitive Data Disclosure: If Cacti is used to monitor sensitive data such as network or infrastructure information, attackers can access and disclose this data. This can jeopardize the confidentiality of critical information.
• Potential Control Takeover: Attackers who successfully execute SQL Injection attacks can attempt to take control of the affected system. This could include taking over administrative privileges or even remote code execution, which can be used for malicious purposes.
• The impact of CVE-2023-39361 vulnerability in Cacti is serious and can have detrimental consequences if exploited by attackers. Here are some potential impacts that may occur due to this vulnerability:
It is important to note that the impact of this vulnerability highly depends on how attackers exploit it and the configuration of the affected systems. However, since this vulnerability can affect the confidentiality, integrity, and availability of data as well as the security of the system, it is crucial to address it promptly.
RECOMMENDATIONS
RUpgrade to the Latest Version: The most important step is to update the Cacti software to the patched version, which is version 1.2.25 or newer. This will ensure that the SQL injection vulnerability has been addressed.
Disable Guest Access: If there is no specific need to provide guest or unauthenticated access to the graph_view.php page, consider disabling or limiting this feature. This can help reduce the risk of the vulnerability being exploited.