CVE-2023-45741

Name of the Vulnerable Software and Affected Versions Cacti versions (affected versions not specified) VR-S1000 firmware versions prior to 2.42

Description The issue is related to a lack of protection in the SQL query structure in Cacti, and in VR-S1000 firmware, it allows an attacker with access to the product's web management page to execute arbitrary OS commands. This could potentially be exploited by a remote attacker to execute arbitrary code using the pollers.php script. The estimated number of potentially affected devices worldwide is not specified. Details about real-world incidents where this issue was exploited are not provided.

Recommendations For Cacti, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For VR-S1000 firmware versions prior to 2.42, update to version 2.42 or later to resolve the issue. As a temporary workaround, consider restricting access to the web management page to minimize the risk of exploitation.