virus logo Threat Signal Report

Command Injection Vulnerability (CVE-2022-46169) in Cacti Being Exploited in the Wild

Description

FortiGuard Labs is aware of a report that a recently patched vulnerability in the Cacti network monitoring and management suite is being exploited in the wild. The vulnerability (CVE-2022-46169) is a command injection vulnerability that allows a remote, unauthenticated user to execute arbitrary code on a server running vulnerable version of Cacti.


Why is this Significant?

This is significant because, although recently patched, CVE-2022-46169 is reported to have been exploited in the wild. The vulnerability is in Cacti, which is an open-source software for monitoring network devices and graphically displaying collected information.


What is CVE-2022-46169?

CVE-2022-46169 is a vulnerability in the Cacti network monitoring and management that a remote, unauthenticated attacker could exploit by sending a crafted HTTP request. Successful exploitation could result in arbitrary system command execution under the context of the target system.


The vulnerability is rated critical and has a CVSS score of 9.8.


Has the Vendor Released an Advisory for CVE-2022-46169?

Yes, the advisory is publicly available. See the Appendix for a link to "Unauthenticated Command Injection".


What Version of Cacti is Vulnerable?

The advisory released by Cacti lists 1.2.22 as a vulnerable version.


Has the Vendor Released a Patch for CVE-2022-46169?

Yes, the patch was released in v1.2.23 and v1.3.0 on December 5, 2022.


What is the Status of Protection?

FortiGuard Labs has the following IPS signature in place for

  • Cacti.remote_agent.php.Remote.Command.Execution (default action is set to "pass")

description-logoOutbreak Alert

In affected versions of Cacti v1.2.22, a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti. Gaining access to the Cacti instance of an organization could give attackers with the opportunity to learn about the types of devices on the network and their local IP addresses.

View the full Outbreak Alert Report

Telemetry

Appendix

Tweet (@Shadowserver)

Unauthenticated Command Injection (Cacti)

CVE-2022-46169 (MITRE)


ID 4
Date Jan 16, 2023
Outbreak Alert Cacti Command Injection
CVE ID CVE-2022-46169
Threat/
Vulnerability		 Vulnerability
FortiGate Device Triggered n/a
Threat Actor Type Unknown
Experienced a Breach? We're here to help FortiGuard Incident Response Services
FortiGuard Incident Response Services
Outbreak Alert Outbreak Alert