PT-2017-14508 · Cacti+1 · Cacti+1
Hex0Wn · Published 2017-11-08 · Updated 2024-06-15
CVE-2017-16660
CVSS v2.0: 9.0 (High)
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Cacti version 1.1.27
Description
The issue allows remote authenticated administrators to conduct code execution attacks. This is achieved by placing the Log Path under the web root and then making a request to the remote_agent.php endpoint containing code in the Client-ip header.
Recommendations
For Cacti version 1.1.27, consider restricting access to the remote_agent.php endpoint until a patch is available. Additionally, ensure the Log Path is not under the web root to prevent exploitation.
Exploit
Fix
RCE
Exposure of Resource to Wrong Sphere
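One way to check the recommendation that the Log Path is not under the web root, as an added example (not code from Cacti or from this advisory). The function names and the directory layout built in demo() are constructed for illustration; the check resolves symlinks and ".." before comparing, since a plain string-prefix test misses both.

```python
import os
import tempfile


def is_under(path, root):
    """True if path, after resolving symlinks and '..', lies inside root."""
    # realpath also works when the final file does not exist yet.
    real_path, real_root = os.path.realpath(path), os.path.realpath(root)
    try:
        return os.path.commonpath([real_path, real_root]) == real_root
    except ValueError:  # e.g. paths on different drives on Windows
        return False


def audit_log_path(log_path, web_roots):
    """Return every web root that the configured Log Path falls under."""
    return [root for root in web_roots if is_under(log_path, root)]


def demo():
    """Constructed layout: a web root, a log dir outside it, and a symlink."""
    base = tempfile.mkdtemp()
    web_root = os.path.join(base, "htdocs")
    safe_dir = os.path.join(base, "log")
    os.makedirs(os.path.join(web_root, "cacti"))
    os.makedirs(safe_dir)
    # A link that sits outside the web root but points back into it.
    link = os.path.join(base, "loglink")
    os.symlink(os.path.join(web_root, "cacti"), link)
    cases = {
        "inside": os.path.join(web_root, "cacti", "cacti.log"),
        "dotdot": os.path.join(safe_dir, "..", "htdocs", "x.php"),
        "symlink": os.path.join(link, "cacti.log"),
        "outside": os.path.join(safe_dir, "cacti.log"),
        # Shares a string prefix with the web root but is a different directory.
        "sibling": os.path.join(base, "htdocs-old", "cacti.log"),
    }
    return {name: bool(audit_log_path(p, [web_root])) for name, p in cases.items()}


if __name__ == "__main__":
    for name, flagged in demo().items():
        print(f"{name:8s} under web root: {flagged}")
```

Run audit_log_path with the Log Path value from the Cacti settings and the document roots from the web server configuration; any non-empty result means the log location should be moved.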
Weakness Enumeration
Related identifiers
Affected products
Cacti
Suse