17 January 2023

Multiple internet-facing Cacti servers vulnerable to actively exploited flaw



Thousands of internet-exposed Cacti installations are vulnerable to a critical security flaw that is being actively used in attacks, security researchers have warned.

Cacti is an open-source web-based network monitoring and graphing tool designed as a front-end application for the open-source, industry-standard data logging tool RRDtool.

The vulnerability, tracked as CVE-2022-46169, is an improper authorization issue within the Remote Agent that a remote attacker can exploit to execute arbitrary OS commands on the server by sending a specially crafted HTTP request to the affected instance. The issue affects versions 1.2.22 and below.

The vulnerability was patched in early December 2022, and a month later, on January 3, 2023, The Shadowserver Foundation warned that it had detected the first exploitation attempts targeting CVE-2022-46169.

Censys researchers said they identified 6,400 internet-accessible Cacti hosts, of which only 26 were running a patched version of the software.

