#VU9569 Information disclosure in Cacti - CVE-2017-16661

Cybersecurity Help s.r.o.

Published: 2017-12-02 | Updated: 2017-12-07

Vulnerability identifier: #VU9569

Vulnerability risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-16661

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cacti
Web applications / Other software

Vendor: The Cacti Group, Inc.

Description

The vulnerability allows a remote high-privileged attacker to obtain potentially sensitive information.

The vulnerability exists due to improper validation of user-supplied requests. A remote attacker can place the Log Path into a private directory, make a specially crafted clog.php?filename= request and read /etc/passwd.

Mitigation
Update to version 1.1.28.

Vulnerable software versions

Cacti: 1.1.27

External links
https://github.com/Cacti/cacti/issues/1066

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

OpenSUSE Linux update for cacti

Fedora 27 update for cacti

Fedora 26 update for cacti

Fedora 25 update for cacti

Fedora EPEL 7 update for cacti

Multiple vulnerabilities in Cacti