While conducting offensive security testing for a third-party client, NaviSec’s Delta Team discovered a critical zero-day vulnerability affecting all versions of Cacti prior to v1.2.20. Upon discovery, NaviSec reported the vulnerability to Cacti and worked with them to patch it. Cacti has now released an update that closes the vulnerability.
Risk Level
CVSSv3 Base Score: 9.8 Critical
CVE-2022-0730 affects at least 5000 publicly exposed installations; internal installations are affected as well. Successful exploitation would give an attacker unauthorized access to sensitive information within the Cacti installation.
Vulnerability
When LDAP authentication is enabled, the authentication can be bypassed, resulting in unauthorized access to the service. Depending on the configuration, this may amount to administrative access to the Cacti server. A successful exploit would allow an adversary to read sensitive data and to modify or potentially delete information, heavily impacting confidentiality, integrity and availability.
Affected Software
Cacti is open-source and web-based software used as:
- a performance and fault management framework and a frontend for RRDTool
- a web application running on the Linux, Apache, MySQL and PHP stack, with Windows also supported
Prior to the release of v1.2.20, all previous versions of Cacti are impacted by the vulnerability, including v1.2.19, which was released October 29, 2021.
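Since every release before v1.2.20 is affected, the first defensive step is to find the installations that still need the update. The following triage helper is an added example, not NaviSec’s or Cacti’s code: it parses Cacti version strings against the fixed release named in this advisory and treats a pre-release build of 1.2.20 (for example a release candidate) as still affected. The host inventory is constructed sample data.

```python
"""Version triage for CVE-2022-0730 (Cacti LDAP authentication bypass).

Added example, not NaviSec's or Cacti's code. The hostnames below are
constructed sample data.
"""
import re
from typing import Dict, List, Tuple

# First release that closes CVE-2022-0730; the trailing 1 marks a final build.
FIXED_VERSION = (1, 2, 20, 1)

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Parse 'v1.2.19', '1.2.20' or '1.1' (patch defaults to 0) into a tuple.

    A pre-release suffix such as '-rc1' or '-dev' sorts below the final build,
    so '1.2.20-rc1' is conservatively classified as affected.
    """
    cleaned = text.strip()
    m = _VERSION_RE.match(cleaned)
    if not m:
        raise ValueError(f"unrecognised Cacti version string: {text!r}")
    major, minor, patch = (int(g) if g else 0 for g in m.groups())
    suffix = cleaned[m.end():]
    is_final = 0 if re.search(r"(rc|beta|alpha|dev)", suffix, re.I) else 1
    return (major, minor, patch, is_final)


def is_affected(version: str) -> bool:
    """True when the version predates 1.2.20 (all such releases are affected)."""
    return parse_version(version) < FIXED_VERSION


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Split a host -> version map into affected, fixed and unparseable hosts."""
    report: Dict[str, List[str]] = {"affected": [], "fixed": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        try:
            bucket = "affected" if is_affected(version) else "fixed"
        except ValueError:
            bucket = "unknown"
        report[bucket].append(host)
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "cacti-dc1.example.internal": "1.2.19",
    "cacti-dc2.example.internal": "v1.2.20",
    "cacti-lab.example.internal": "1.2.20-rc1",
    "cacti-old.example.internal": "1.1.38",
    "cacti-new.example.internal": "1.2.21",
    "cacti-bad.example.internal": "unknown",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket:9s} {', '.join(hosts) or '-'}")
```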
Patch
Cacti’s most recent release, v1.2.20, patches this vulnerability. It can be accessed here.