PT-2024-3456 · Php+1
Liotree · Published 2024-03-27 · Updated 2024-10-16 · CVE-2024-29895
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Cacti versions 1.3.x
Description
A command injection vulnerability allows any unauthenticated user to execute arbitrary commands on the server when the register_argc_argv option of PHP is On. The vulnerability is located in cmd_realtime.php and is exploited through the $poller_id variable, which can be controlled by URL when register_argc_argv is On. This option is On by default in many environments.
Recommendations
For Cacti version 1.3.x, consider disabling the cmd_realtime.php functionality until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the poller_id variable in the affected API endpoint until the issue is resolved. Update to a version that includes the patch for the issue: commit 53e8014d1f082034e0646edc6286cde3800c683d contains a fix, but ensure it has not been reverted, as it was in commit 99633903cad0de5ace636249de16f77e57a3c8fc.
Note: The provided information does not include details about the number of potentially affected devices or real-world incidents.
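As an added example (not part of this advisory or of Cacti's code), the following Python script supports the access-restriction recommendation by scanning web access logs for HTTP requests that reached cmd_realtime.php. It assumes combined-format access logs and that the script has no legitimate web callers; the function name scan and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote, unquote_plus

# Assumption: the web server writes Apache/nginx "combined" access-log lines.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Characters a shell treats specially; any of them in the query raises severity.
SHELL_META = re.compile(r'[;&|`$<>(){}\n\r]')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [27/Mar/2024:10:00:01 +0000] "GET /cacti/graph_view.php?action=tree HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [27/Mar/2024:10:00:05 +0000] "GET /cacti/cmd_realtime.php HTTP/1.1" 200 0 "-" "curl/8.0"',
    '198.51.100.7 - - [27/Mar/2024:10:00:09 +0000] "GET /cacti/cmd_realtime.php?1+2+3 HTTP/1.1" 200 0 "-" "curl/8.0"',
    '203.0.113.44 - - [27/Mar/2024:10:01:30 +0000] "GET /cacti/%63md_realtime.php?a%7Cb HTTP/1.1" 200 0 "-" "-"',
]

def scan(lines, script="cmd_realtime.php"):
    """Return one finding per HTTP request that reached the given script."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        parts = urlsplit(m["target"])
        # Decode the path so percent-encoded spellings of the name still match.
        path = unquote(parts.path).lower()
        if script not in path.split("/"):
            continue
        query = unquote_plus(parts.query)
        if SHELL_META.search(query):
            level = "high"    # shell metacharacters in URL-controlled input
        elif query:
            level = "review"  # a query string is how the URL reaches the script's arguments
        else:
            level = "info"    # the script answered over HTTP at all
        findings.append({"ip": m["ip"], "time": m["ts"], "level": level,
                         "status": int(m["status"]), "query": parts.query})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Once access to the script is blocked at the web server, any finding with a 2xx status indicates the restriction is not in effect.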
Exploit
Fix
Command Injection
Special Elements Injection
XSS
Improper Neutralization
OS Command Injection
Related Identifiers
Affected Products
Cacti
Php