SB2023100429 - Fedora 38 update for cacti, cacti-spine

Security Bulletin ID SB2023100429

Severity

High

Patch available

YES

Number of vulnerabilities 18

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 18 secuirty vulnerabilities.

1) Deserialization of Untrusted Data (CVE-ID: CVE-2023-30534)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data within the host_new_graphs_save() function in graphs_new.php. A remote user can pass specially crafted data to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

2) Incorrect default permissions (CVE-ID: CVE-2023-31132)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions set for web document directory. A local user with create an arbitrary PHP file in the directory and execute it on the system.

Note, the vulnerability affects Windows installations only.

3) SQL injection (CVE-ID: CVE-2023-39357)

The vulnerability allows a remote user to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data within the sql_save() function. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

4) SQL injection (CVE-ID: CVE-2023-39358)

The vulnerability allows a remote user to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data within the ajax_get_branches() function in reports_user.php. A remote user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

5) SQL injection (CVE-ID: CVE-2023-39359)

The vulnerability allows a remote user to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data in graphs.php. A remote user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

6) Cross-site scripting (CVE-ID: CVE-2023-39360)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed to graphs_new.php. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

7) SQL injection (CVE-ID: CVE-2023-39361)

The vulnerability allows a remote attacker to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data within the grow_right_pane_tree() function in graph_view.php. A remote non-authenticated attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

8) OS Command Injection (CVE-ID: CVE-2023-39362)

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in lib/snmp.php. A remote user attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

9) Open redirect (CVE-ID: CVE-2023-39364)

The vulnerability allows a remote attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data passed via the "ref" parameter to auth_changepassword.php. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

10) SQL injection (CVE-ID: CVE-2023-39365)

The vulnerability allows a remote user to execute arbitrary SQL queries in database.

The vulnerability exists due to insufficient sanitization of user-supplied data when using regular expression within the graph_view and link endpoints. A remote user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.

Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.

11) Stored cross-site scripting (CVE-ID: CVE-2023-39366)