Critical Cacti Vulnerabilities Addressed in Latest Update

Cacti is a popular open-source platform for monitoring network health and performance. Several vulnerabilities were discovered in Cacti, which have been patched in the latest version 1.2.27. This update is crucial for users relying on Cacti for network performance tracking and issue resolution.

Cacti developers fixed 12 security issues, including two highly severe ones (CVE-2024-25641 & CVE-2024-29895). These vulnerabilities could grant attackers remote code execution, giving them complete control over affected systems.

CVE-2024-25641 (CVSS score: 9.1): This is an arbitrary file write flaw in the “Package Import” feature. It allows authenticated users with the “Import Templates” permission to write malicious PHP code anywhere on the server. By exploiting this flaw, attackers can achieve remote code execution and take control of the server.

Critical Cacti Vulnerabilities Addressed in Latest Update

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

INDIA | Chennai

INDIA | Kochi

INDIA | Thane

UK | London

USA | New York

KUWAIT

SRI LANKA

Address

Critical Cacti Vulnerabilities Addressed in Latest Update

29-May-24

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

INDIA | Chennai

INDIA | Kochi

INDIA | Thane

UK | London

USA | New York

KUWAIT

SRI LANKA

Address