17 January 2023

Multiple internet-facing Cacti servers vulnerable to actively exploited flaw


Thousands of internet-exposed Cacti installations are vulnerable to a critical security flaw that is being actively used in attacks, security researchers have warned.

Cacti is an open-source web-based network monitoring and graphing tool designed as a front-end application for the open-source, industry-standard data logging tool RRDtool.

The vulnerability, tracked as CVE-2022-46169, is an improper authorization issue within the Remote Agent that remote hackers can exploit to execute arbitrary OS commands on the server by sending a specially crafted HTTP request to the affected instance. The security issue affects versions 1.2.22 and below.

The vulnerability was patched in early December 2022, and a month later, on January 3, 2023, The Shadowserver Foundation warned that it had detected the first exploitation attempts targeting CVE-2022-46169.

Censys researchers said they identified 6,400 internet-accessible Cacti hosts, of which only 26 were running a patched version of the software.

