Dinobytes

**Name of the Vulnerable Software and Affected Versions** Cacti versions prior to 1.2.25 **Description** Cacti is an open source operational monitoring and fault management framework. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document directory. The user can then execute the PHP files under the security context of SYSTEM. This allows an attacker to escalate privilege from a normal user account to SYSTEM. **Recommendations** For versions prior to 1.2.25, upgrade to version 1.2.25 or later to address the privilege escalation vulnerability. As a temporary workaround, consider restricting access to the web document directory where Cacti is installed to minimize the risk of exploitation. There are no known workarounds for this vulnerability.