CVE-2023-39364

Name of the Vulnerable Software and Affected Versions Cacti version 1.2.24

Description The issue is related to the use of open redirection in the auth changepassword.php component of the Cacti network monitoring software. This can allow a remote attacker to redirect a user to an arbitrary URL. The auth changepassword.php file accepts a ref URL parameter, which is reflected in the form used to perform the change password operation, and its value is used to perform a redirect via the header PHP function. A user can be tricked into performing the change password operation and then interacting with a malicious website, potentially leading to malware downloads or credential provision.

Recommendations For Cacti version 1.2.24, upgrade to version 1.2.25 to address the issue. As a temporary workaround, consider restricting access to the auth changepassword.php file to minimize the risk of exploitation. Avoid using the ref parameter in the affected URL until the issue is resolved.