NaviSec Discovers Critical Zero-Day Exploit for Cacti Services

While conducting offensive security testing for a third-party client, NaviSec’s Delta Team discovered a critical zero-day exploit for all versions of Cacti services prior to v1.2.20. Upon discovery, NaviSec reported the vulnerability to Cacti and worked with them to patch it. Cacti has now released an update that closes the vulnerability.  

Risk Level

CVSSv3 Base Score: 9.8 Critical

CVE-2022-0730 affects at least 5000 publicly exposed installations; internal installations are affected as well. Successful exploitation would give an attacker unauthorized access to sensitive information within the Cacti installation.

Vulnerability

When LDAP authentication is enabled, it can be bypassed, resulting in unauthorized access to the service. Depending on the configuration, this may amount to administrative access to the Cacti server. A successful exploit would allow an adversary to access sensitive data and to modify or potentially delete information, heavily impacting confidentiality, integrity and availability.

Affected Software

Cacti is open-source, web-based software used as:

• a performance and fault management framework and a frontend for RRDTool
• a web application running on the Linux, Apache, MySQL and PHP stack, also supported on Windows

All versions of Cacti prior to v1.2.20 are affected by the vulnerability, including v1.2.19, which was released October 29, 2021.

Patch

Cacti’s most recent update patches this vulnerability. It can be accessed here.

Urgent Contact