Critical Vulnerability in Cacti Product

Published on 10 Jan 2023

Updated on 10 Jan 2023

Security researchers have discovered a vulnerability (CVE-2022-46169) affecting Cacti, an open-source, web-based monitoring solution. The vulnerability affects versions 1.2.22 and below, and has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.

Successful exploitation of the command injection vulnerability could allow an unauthenticated attacker to execute arbitrary code on a server running a vulnerable Cacti instance if a specific data source was selected for any monitored device.

Users and administrators of affected product versions are advised to upgrade to version 1.2.23 immediately.

More information is available here:

https://www.sonarsource.com/blog/cacti-unauthenticated-remote-code-execution/

https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf