Cyber Security News

Cacti Network Monitoring Tool Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been identified in the Cacti network monitoring tool that could allow attackers to execute remote code on affected systems.

The vulnerability, detailed in the recent release of Cacti version 1.2.28, highlights the need for system administrators to pay immediate attention to this popular open-source software.

Remote Code Execution via Log Poisoning

The most alarming issue disclosed in the latest Cacti update is a Remote Code Execution (RCE) vulnerability, tracked as security advisory #GHSA-gxq4-mv8h-6qj4.

Log poisoning, a technique where malicious input is injected into log files, can exploit this flaw, potentially allowing attackers to execute arbitrary commands on the server. 

Cacti users are urged to upgrade to version 1.2.28 immediately to mitigate this risk. The development team has emphasized the importance of this update, stating that failure to patch could leave systems open to severe security breaches.

Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free

Cross-Site Scripting Vulnerabilities

In addition to the RCE vulnerability, several Cross-Site Scripting (XSS) vulnerabilities have been addressed in this release. These include:

  • #GHSA-49f2-hwx9-qffr: An XSS vulnerability when creating external links with the consolenewsection parameter.
  • #GHSA-fgc6-g8gc-wcg5: An XSS vulnerability associated with the title parameter.
  • #GHSA-wh9c-v56x-v77c: An XSS vulnerability involving the fileurl parameter.

These vulnerabilities could allow attackers to inject malicious scripts into web pages viewed by other users, potentially leading to data theft and other malicious activities.

Additional Bug Fixes and Features

The release addresses several non-security-related issues and introduces new features to improve Cacti’s functionality and user experience.

Notable fixes include resolving LDAP authentication warnings (#5636), addressing replication loops during installation (#5754), and ensuring proper data source record ordering (#5771). 

New features include enhanced logging capabilities (#5784), improved graph display settings (#5819), and updates to key libraries such as jQuery and Purify.js.

These enhancements reflect ongoing efforts by the Cacti development community to refine and expand the tool’s capabilities.

The Cacti team continues to encourage community involvement in its development process. Users can contribute by submitting issues, forking repositories, and providing pull requests on GitHub.

This collaborative approach helps identify potential vulnerabilities and improve innovation and improvement within the software. 

The README file on Cacti’s GitHub page provides detailed information for those interested in contributing or learning more about these updates.

The team extends gratitude to all users and contributors who play a vital role in enhancing Cacti’s security and functionality. 

As network monitoring remains a critical component of IT infrastructure management, maintaining up-to-date software is essential for protecting systems against emerging threats.

The swift response from the Cacti team underscores their commitment to security and reliability in an ever-evolving digital landscape.

Upgrade Your Cybersecurity Skills With 100+ Premium Cyber Security Courses Online - Enroll Here

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Nearest Neighbor Attacks: Russian APT Hack The Target By Exploiting Nearby Wi-Fi Networks

Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as "GruesomeLarch"…

1 day ago

240+ Domains Used By PhaaS Platform ONNX Seized by Microsoft

Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by Egypt-based…

2 days ago

Russian TAG-110 Hacked 60+ Users With HTML Loaded & Python Backdoor

The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central…

2 days ago

Earth Kasha Upgraded Their Arsenal With New Tactics To Attack Organizations

Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India,…

2 days ago

Raspberry Robin Employs TOR Network For C2 Servers Communication

Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade detection…

2 days ago

145,000 ICS Systems, Thousands of HMIs Exposed to Cyber Attacks

Critical infrastructure, the lifeblood of modern society, is under increasing threat as a new report…

2 days ago