CVE-2023-39358 : Security Advisory and Response

An authenticated SQL injection vulnerability in reports_user.php in Cacti has been discovered, allowing authenticated users to perform privilege escalation and remote code execution.

Understanding CVE-2023-39358

This CVE involves an SQL injection vulnerability in Cacti's reports_user.php file that can be exploited by authenticated users, leading to serious consequences.

What is CVE-2023-39358?

Cacti, an open-source operational monitoring and fault management framework, is impacted by an authenticated SQL injection vulnerability. The flaw allows attackers to escalate privileges and execute remote code by manipulating the

tree_id

parameter in the

reports_get_branch_select

function.

The Impact of CVE-2023-39358

The vulnerability poses a high risk to confidentiality, integrity, and availability, with a CVSS base score of 8.8 (High severity). Attack complexity is low, but the impact on affected systems can be severe.

Technical Details of CVE-2023-39358

This section covers the specifics of the vulnerability, affected systems, and how attackers can exploit it.

Vulnerability Description

The vulnerability in Cacti's reports_user.php file allows authenticated users to execute SQL injection attacks, leading to privilege escalation and remote code execution. The issue has been resolved in version 1.2.25.

Affected Systems and Versions

Cacti versions prior to 1.2.25 are affected by this vulnerability. Users using versions older than 1.2.25 are at risk of exploitation.

Exploitation Mechanism

By manipulating the

tree_id

parameter in the

reports_get_branch_select

function, authenticated users can inject malicious SQL commands, gaining unauthorized access and control over the system.

Mitigation and Prevention

Protecting systems from CVE-2023-39358 requires immediate action and long-term security measures to prevent future vulnerabilities.

Immediate Steps to Take

Users are strongly advised to update Cacti to version 1.2.25 or later to patch the vulnerability. Failure to update may lead to exploitation and compromise of sensitive data.

Long-Term Security Practices

Implementing secure coding practices, conducting regular security audits, and ensuring timely software updates are essential for maintaining a secure environment.

Patching and Updates

Regularly check for security updates from Cacti and apply patches promptly to protect systems from known vulnerabilities.