CVE-2024-25642- Arbitrary File Write Vulnerability

Post by Htet »

Could someone please kindly advise how to harden Cacti 1.2.24 against the vulnerability mentioned below?

CVE-2024-25642- Arbitrary File Write Vulnerability
1. Successful exploitation of this vulnerability could allow an authenticated attacker, with "Import Templates"
2. This vulnerability affects all Cacti versions prior to the latest (<=1.2.26)

Best Regards,
Htet Htet
Post by macan »

A template can contain additional files, which are saved to the /your/cacti/resource directory. In a malicious template the path can be different, and a file (PHP, shell script) could be saved to another location.

We recommend updating to 1.2.27.
Let the Cacti grow!
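
As an added illustration of the reply above (not Cacti's own code and not part of the thread), this sketch checks whether the file paths declared by a template package would stay inside the resource directory before anything is written. It assumes the declared names have already been extracted from the package; the function name `audit_template_paths` and the sample names are hypothetical.

```python
import os

def audit_template_paths(declared_names, resource_dir):
    """Return (name, reason) pairs for declared files that would land
    outside resource_dir. An empty list means every path stays inside."""
    base = os.path.realpath(resource_dir)
    findings = []
    for name in declared_names:
        norm = name.replace("\\", "/")  # treat both separators alike
        if "\x00" in norm:
            findings.append((name, "NUL byte in path"))
        elif norm.startswith("/") or (len(norm) > 1 and norm[1] == ":"):
            findings.append((name, "absolute path"))
        else:
            # realpath collapses ".." and follows symlinks that already exist
            target = os.path.realpath(os.path.join(base, norm))
            if os.path.commonpath([base, target]) != base:
                findings.append((name, "resolves outside resource directory"))
    return findings

# Constructed sample input: names as a package might declare them.
SAMPLE = [
    "script_queries/disk.xml",
    "snmp_queries/../script_queries/net.xml",  # stays inside once resolved
    "../include/dropped.php",
    "/tmp/run.sh",
    "script_queries\\..\\..\\dropped.php",
]

if __name__ == "__main__":
    # The path below is the placeholder used in the reply above.
    for name, reason in audit_template_paths(SAMPLE, "/your/cacti/resource"):
        print(f"REJECT {name}: {reason}")
```

A check like this is a pre-import review aid for templates from untrusted sources; it does not replace the update recommended in the reply.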