[Nulled] » Information security » Most Cacti installations on the Internet are not fixed and are vulnerable to a critical RCE error
January 16 2023

Most Cacti installations on the Internet are not fixed and are

web3 16-01-2023, 13:07 Information security 196

Most Cacti installations on the Internet are not fixed and are vulnerable to a critical RCE error, which is actively exploited during real attacks.

Cacti, an open source web-based tool for operational monitoring and fault management, is an interface application for the RRDTool data logging utility.

In early December 2022, the maintainers of the tool announced fixes for CVE-2022-46169 with a CVSS score of 9.8, allowing attackers to execute code on a server without authentication on which Cacti is running.

The bug was fixed on December 5, the same day it was discovered by SonarSource researchers.

A few days after SonarSource published a technical analysis of CVE-2022-46169 on January 3, Shadowserver warned that it had recorded the first exploitation attempts to implement remote commands without authentication, aimed at vulnerability, including subsequent malware downloads.

Censys resellers reported that of the 6,400 Cacti hosts it found available on the Internet, only 26 had a patched version of the tool installed. Most of the vulnerable servers are located in Brazil, Indonesia and the USA.

As the exploitation of this vulnerability continues, users are advised to update Cacti to the corrected version as soon as possible.

Information

Visitors who are in the group Guests they can't download files.
Log in to the site under your login and password or if you are a new user go through the process registrations on the website.

Comments:

This publication has no comments yet. You can be the first!

Information the publication:

  • Author of the publication: web3
  • Date of publication: 16 January 2023 13:07
  • Publication category(s): Information security
  • Number of views of the publication: 196
  • Number of comments to the publication: 0

Related News

16 January 2023
Information security
Critical CVE-2022-44877

Critical CVE-2022-44877 with a severity rating of 9.8 out of 10, recently fixed in the Control Web Panel (formerly

Read more
16 January 2023
Information security
Thousands of Citrix ADC

Thousands of Citrix ADC and Gateway servers remain vulnerable to two major vulnerabilities fixed recently.

Read more
16 January 2023
Information security
Experts warn of a

Experts warn of a critical vulnerability of the Linux kernel of 10 points on the CVSS scale, which affects SMB

Read more
16 January 2023
Information security
The first January ICS

The first January ICS fixes came up with a dozen security recommendations from Siemens and Schneider Electric,

Read more
16 January 2023
Information security
Auth0 fixed an RCE

Auth0 fixed an RCE vulnerability in the popular open source library JsonWebToken, which was used in more than

Read more

Information

Users of 🆅🅸🆂🅸🆃🅾🆁 are not allowed to comment this publication.

Site Search

Site Menu


☑ Websites Scripts

Calendar

«    December 2024    »
MonTueWedThuFriSatSun
 1
2345678
9101112131415
16171819202122
23242526272829
3031 

Advertisement

Survey on the website

Evaluate the work of the site
 

Statistics

  • +5 Total articles 6750
  • +15 Comments 4227
  • +38 Users : 6048