← Back

CVE-2023-31132

nvd nist
Published: Sep 5, 2023Modified: Apr 11, 2025

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document directory. The user can then execute the PHP files under the security context of SYSTEM. This allows an attacker to escalate privilege from a normal user account to SYSTEM. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected (1)

Products: Cacti: Cacti
Cacti
1 product
Cacti
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cacti
Before 1.2.25
Running on/withPlatform Versions
Microsoft
Windows
All versions

Related CWEs

CWE-306
Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (8)

Source: security-advisories@github.com
ExploitVendor Advisory
Source: security-advisories@github.com
Mailing List
Source: security-advisories@github.com
Mailing List
Source: security-advisories@github.com
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List

Timeline

No history available yet.