CVE-2023-39358

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Sep 5, 2023

Updated: Nov 3, 2023

CWE ID 89

Summary

CVE-2023-39358 is a newly discovered vulnerability affecting the open source monitoring tool, Cacti. The issue lies in the `reports_user.php` file, specifically in the `ajax_get_branches` function. Authenticated users can exploit an SQL injection vulnerability in this function to gain privilege escalation and execute remote code. The root cause is the lack of validation for the `tree_id` parameter. Upgrading to version 1.2.25 is recommended to address this vulnerability. No known workarounds exist.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Cacti
Cacti Cacti
Fedora Operating System

Affected Vendors

Fedora Project
Cacti

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sJX4Tm
https://www.cve.org/CVERecord?id=CVE-2023-39358
https://nvd.nist.gov/vuln/detail/CVE-2023-39358

Back to Vulnerability Database