Many Cacti servers are vulnerable to attack as they fail to patch critical vulnerabilities

Cacti device monitoring tools having more than 1600 instances are vulnerable to a critical security issue under exploitation in the wild.

Monitoring and fault management solution Cacti provides graphical visualization of network devices. Across the world, there are thousands of precedents deployed on the web.

A security advisory has warned of a critical command injection vulnerability CVE-2022-46169 with a severity rating of 9.8 in Cacti that can be easily exploited without verification in December 2022.

An update on fixing the recent vulnerability was released y the developer, advising to put a stop to command injection and verification bypass; on an open-source, web-based monitoring solution affected by the vulnerability CVE-2022-46169.

Along with the PoC(Proof-of-concept) exploit code, technical details about the issue and how it could be manipulated emerge in the same month that could change for attacks. A company named SonarSource that provides code quality and security products emancipates a technical press report of their finding and a short video illustrating the vulnerability.

First, the exploits installed botnets like Mirai malware. Moreover, another exploit installed was an IRC botnet (PERL-based) that unlocks a reverse shell on the host and commands it to run port scans. The more recent attacks are just checking for vulnerability. As Shadowserver researchers reported, Cacti’s CVE-2022-46169 vulnerability has been exploited more than twice in the last week.

There are 6,427 Cacti hosts exposed on the web, according to an attack surface search platform from Censys. However, determining how many run a vulnerable version or have updated is impossible.

According to the company, 1,637 Cacti servers reachable over the web were exposed to CVE-2022-46169, with a majority (465) running version 1.1.38 of the monitoring solution released in April 2021. 

Censys determined that 26 out of 69 Cacti hosts had a version number that was not vulnerable to the critical flaw. If an attacker can access the Cacti instance of an organization, they will be able to find out what type of devices are connected to the network and what IP addresses they use. Hackers can use this information to gain an accurate picture of the network and find targets to attack and establish a foothold.

Ensure your system is protected from this vulnerability with ESOF VMDR

TAC Security platform ESOF provide a Vulnerability Management Solution by detecting and mitigating vulnerabilities in your IT infrastructure. ESOF VMDR implements to protect from malicious cyberattacks. Other than this, it prioritizes, automatically, immediately, and continuously monitors all vulnerabilities as soon as the user installs them on their system.

• With its Threat intelligence feature, it can determine which assets are vulnerable. 
• Therefore, assisting the vector in string and attack vector of the cyber attack.
• The cyber risk score enhances the organization’s communication. As a result, it reduces cyber risk with a cyber score and gives business owners a sense of how secure their organization is.
• Rapidly turn down critical vulnerabilities by auto-prioritization and auto-remediation.
• Protect all the real-time files in your organization’s complete IT stack.
• With schedule scanning, you can find zero-day vulnerabilities according to their architecture, like web, Mobile, SCR, and Infra.
• ESOF VMDR helps find the system’s hidden vulnerabilities and segregates the ones considered high risk.

Cyber-Security is much more than a matter of IT.

To know more about ESOF VMDR.
Download ESOF VMDR Datasheet for more information!