Lucene search
Steven Seeley (mr_me) of Source InciteZDI-23-093HistoryJan 31, 2023 - 12:00 a.m.
Cacti poll_for_data Command Injection Remote Code Execution Vulnerability
2023-01-3100:00:00
Steven Seeley (mr_me) of Source Incite
www.zerodayinitiative.com
24
cacti poll_for_data remote code execution
unauthenticated attack
user-supplied string
system call execution
service account context
0.964 High
EPSS
Percentile
99.6%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cacti. Authentication is not required to exploit this vulnerability. The specific flaw exists within the poll_for_data function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account.
Related
openvas
openvas
Fedora: Security Advisory for cacti-spine (FEDORA-2023-d4085a681f)
2023-01-13 00:00:00
Fedora: Security Advisory for cacti (FEDORA-2023-788d505ddc)
2023-01-13 00:00:00
Fedora: Security Advisory for cacti (FEDORA-2023-d4085a681f)
2023-01-13 00:00:00
githubexploit
githubexploit
Exploit for Injection in Cacti
2023-05-01 14:29:28
Exploit for Injection in Cacti
2023-05-01 14:29:28
Exploit for Injection in Cacti
2023-01-05 16:56:06
cnvd
cnvd
Cacti has a command execution vulnerability
2023-02-22 00:00:00
zdt
zdt
Cacti 1.2.22 Command Injection Exploit
2023-01-25 00:00:00
Cacti v1.2.22 - Remote Command Execution Exploit
2023-03-31 00:00:00
ubuntucve
ubuntucve
CVE-2022-46169
2022-12-05 00:00:00
nessus
nessus
FreeBSD : net-mgmt/cacti is vulnerable to remote command injection (59c284f4-8d2e-11ed-9ce0-b42e991fc52e)
2023-01-09 00:00:00
openSUSE 15 Security Update : cacti, cacti-spine (openSUSE-SU-2023:0025-1)
2023-01-23 00:00:00
Amazon Linux AMI : cacti (ALAS-2023-1675)
2023-01-24 00:00:00
hivepro
hivepro
The Vulnerability Discovered in the Cacti Open-Source RRD tool
2023-01-16 10:56:28
fedora
fedora
[SECURITY] Fedora 36 Update: cacti-1.2.23-1.fc36
2023-01-13 01:21:30
[SECURITY] Fedora 36 Update: cacti-spine-1.2.23-1.fc36
2023-01-13 01:21:30
[SECURITY] Fedora 37 Update: cacti-1.2.23-1.fc37
2023-01-13 01:32:05
cisa_kev
cisa_kev
Cacti Command Injection Vulnerability
2023-02-16 00:00:00
attackerkb
attackerkb
CVE-2022-46169
2022-12-05 00:00:00
cve
cve
CVE-2022-46169
2022-12-05 21:15:10
debiancve
debiancve
CVE-2022-46169
2022-12-05 21:15:10
vulnrichment
vulnrichment
CVE-2022-46169 Unauthenticated Command Injection
2022-12-05 20:48:07
nuclei
nuclei
Cacti <=1.2.22 - Remote Command Injection
2022-12-23 12:35:53
nvd
nvd
CVE-2022-46169
2022-12-05 21:15:10
cvelist
cvelist
CVE-2022-46169 Unauthenticated Command Injection
2022-12-05 20:48:07
amazon
amazon
Critical: cacti
2023-01-19 20:10:00
freebsd
freebsd
net-mgmt/cacti is vulnerable to remote command injection
2022-12-05 00:00:00
alpinelinux
alpinelinux
CVE-2022-46169
2022-12-05 21:15:00
veracode
veracode
Command Injection
2022-12-15 01:51:41
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-01-27 21:17:01
osv
osv
CVE-2022-46169
2022-12-05 21:15:10
cacti - security update
2022-12-09 00:00:00
cacti - security update
2022-12-31 00:00:00
prion
prion
Command injection
2022-12-05 21:15:00
metasploit
metasploit
Cacti 1.2.22 unauthenticated command injection
2022-12-22 15:55:45
packetstorm
packetstorm
Cacti 1.2.22 Remote Command Execution
2023-03-31 00:00:00
Cacti 1.2.22 Command Injection
2023-01-24 00:00:00
exploitdb
exploitdb
Cacti v1.2.22 - Remote Command Execution (RCE)
2023-03-31 00:00:00
debian
debian
[SECURITY] [DSA 5298-1] cacti security update
2022-12-09 19:25:47
[SECURITY] [DLA 3252-1] cacti security update
2022-12-31 09:27:10
thn
thn