Web application abuses : Cacti 'Linux - Get Memory Usage' RCE Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.100365

Categoría: Web application abuses

Título: Cacti 'Linux - Get Memory Usage' RCE Vulnerability

Resumen: Cacti is prone to a remote command-execution vulnerability because the; software fails to adequately sanitize user-supplied input.

Descripción: Summary:
Cacti is prone to a remote command-execution vulnerability because the
software fails to adequately sanitize user-supplied input.

Vulnerability Impact:
Successful attacks can compromise the affected software and possibly the host.

Solution:
Update to version 0.8.7e or later.

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-4112
BugTraq ID: 37137
http://www.securityfocus.com/bid/37137
Bugtraq: 20091126 Cacti 0.8.7e: Multiple security issues (Google Search)
http://www.securityfocus.com/archive/1/508129/100/0/threaded
http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0292.html
http://www.openwall.com/lists/oss-security/2009/11/26/1
http://www.openwall.com/lists/oss-security/2009/11/30/2
SuSE Security Announcement: openSUSE-SU-2020:0272 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html
SuSE Security Announcement: openSUSE-SU-2020:0284 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html
SuSE Security Announcement: openSUSE-SU-2020:0558 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html
SuSE Security Announcement: openSUSE-SU-2020:0565 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html
XForce ISS Database: cacti-dim-command-execution(54473)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54473

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.100365
Categoría:	Web application abuses
Título:	Cacti 'Linux - Get Memory Usage' RCE Vulnerability
Resumen:	Cacti is prone to a remote command-execution vulnerability because the; software fails to adequately sanitize user-supplied input.
Descripción:	Summary: Cacti is prone to a remote command-execution vulnerability because the software fails to adequately sanitize user-supplied input. Vulnerability Impact: Successful attacks can compromise the affected software and possibly the host. Solution: Update to version 0.8.7e or later. CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4112 BugTraq ID: 37137 http://www.securityfocus.com/bid/37137 Bugtraq: 20091126 Cacti 0.8.7e: Multiple security issues (Google Search) http://www.securityfocus.com/archive/1/508129/100/0/threaded http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0292.html http://www.openwall.com/lists/oss-security/2009/11/26/1 http://www.openwall.com/lists/oss-security/2009/11/30/2 SuSE Security Announcement: openSUSE-SU-2020:0272 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html SuSE Security Announcement: openSUSE-SU-2020:0284 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html SuSE Security Announcement: openSUSE-SU-2020:0558 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html SuSE Security Announcement: openSUSE-SU-2020:0565 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html XForce ISS Database: cacti-dim-command-execution(54473) https://exchange.xforce.ibmcloud.com/vulnerabilities/54473
Copyright	Copyright (C) 2009 Greenbone AG