CVE-2023-31132
Summary
| CVE | CVE-2023-31132 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-09-05 22:15:00 UTC |
| Updated | 2023-11-03 21:15:00 UTC |
| Description | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document directory. The user can then execute the PHP files under the security context of SYSTEM. This allows an attacker to escalate privilege from a normal user account to SYSTEM. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
Risk And Classification
Problem Types: CWE-306
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 37 Update: cacti-1.2.25-1.fc37 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| [SECURITY] Fedora 38 Update: cacti-spine-1.2.25-1.fc38 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| [SECURITY] Fedora 39 Update: cacti-spine-1.2.25-1.fc39 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| Privilege escalation when Cacti installed using Windows Installer defaults · Advisory · Cacti/cacti · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.