PT-2019-4637 · Cacti+2

Published: 2019-12-11 · Updated: 2025-01-24 · CVE-2019-17358

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cacti versions prior to 1.2.8

Description

The issue is unsafe deserialization of untrusted data in the lib/functions.php component of the Cacti network monitoring tool. It could allow a remote attacker to compromise data integrity or cause a denial of service. An authenticated attacker may exploit it to influence object data values and control actions taken by Cacti, potentially causing memory corruption in the PHP module.

Recommendations

For Cacti versions prior to 1.2.8, update to version 1.2.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the lib/functions.php component to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration

Deserialization of Untrusted Data
Memory Corruption

Related Identifiers

ALT-PU-2020-1488
ALT-PU-2020-3430
ALT-PU-2025-1813
BDU:2020-00798
CVE-2019-17358
DLA-2032-1
DSA-4604-1
OPENSUSE-SU-2020:0272-1
OPENSUSE-SU-2020:0284-1
OPENSUSE-SU-2020:0558-1
OPENSUSE-SU-2020:0565-1
OPENSUSE-SU-2020_0272-1
OPENSUSE-SU-2020_0558-1
OPENSUSE-SU-2024:10670-1

Affected Products

Alt Linux
Cacti
Suse