Vulnerability identifier: #VU70426

Vulnerability risk: Critical

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2022-46169

CWE-ID: CWE-285

Exploitation vector: Network

Exploits in database: 26

• September 11, 2023
  • CVE-2022-46169-Exploit () [Github]
  • PricklyPwn (An advanced RCE tool tailored for exploiting a vulnerability in Cacti v1.2.22. Crafted with precision, this utility aids security researchers in analyzing and understanding the depth of the CVE-2022-46169 flaw. Use responsibly and ethically.) [Github]
• August 8, 2023
  • PoCs (Containing PoC's) [Github]
• June 6, 2023
  • CVE-2022-46169_POC (RCE POC for CVE-2022-46169) [Github]
• May 14, 2023
  • CVE-2022-46169 (Exploit for cacti version 1.2.22) [Github]
  • ImprovedShell-for-CVE-2022-46169 (This Python script aids in exploiting CVE-2022-46169 by automating payload delivery and response handling. It starts an HTTP server, listens for requests, and enables command input for real-time interaction with a vulnera [Github]
  • CVE-Scripts (Containing PoC's) [Github]
• May 7, 2023
  • CVE-2022-46169 (? Python Exploit for CVE-2022-46169) [Github]
• May 4, 2023
  • CVE-2022-46169 (CVE-2022-46169) [Github]
  • CVE-2022-46169 (Proof of concept / CTF script for exploiting CVE-2022-46169 in Cacti, versions >=1.2.22) [Github]
• May 2, 2023
  • CVE-2022-46169 (Exploit for cacti version 1.2.22) [Github]
  • CVE-2022-46169-CACTI-1.2.22 (This is a exploit of CVE-2022-46169 to cacti 1.2.22. This exploit allows through an RCE to obtain a reverse shell on your computer.) [Github]
  • RCE-Cacti-1.2.22 (Este es un código del exploit CVE-2022-46169, que recree utilizando Python3! Si por ahí estás haciendo una máquina de HTB, esto te puede ser útil... ?✨ ) [Github]
• May 1, 2023
  • cacti-CVE-2022-46169 (Exploit for cacti version 1.2.22) [Github]
• April 30, 2023
  • CVE-2022-46169_unauth_remote_code_execution (Unauthenticated Remote Code Execution through authentication bypass and command injection in Cacti < 1.2.23 and < 1.3.0) [Github]
• April 13, 2023
  • CVE-2022-46169 (Fixed exploit for CVE-2022-46169 (originally from https://www.exploit-db.com/exploits/51166)) [Github]
• April 3, 2023
  • cacti-rce-cve-2022-46169-vulnerable-application (WARNING: This is a vulnerable application to test the exploit for the Cacti command injection (CVE-2022-46169). Run it at your own risk!) [Github]
• March 31, 2023
  • CVE-2022-46169 (CVE-2022-46169) [Github]
• March 13, 2023
  • cacti-cve-2022-46169-exploit (This is poc of CVE-2022-46169 authentication bypass and remote code execution) [Github]
• January 23, 2023
  • Cacti 1.2.22 unauthenticated command injection [Metasploit]
• January 16, 2023
  • CVE-2022-46169 (Cacti: Unauthenticated Remote Code Execution Exploit in Ruby ) [Github]
• January 14, 2023
  • CVE-2022-46169 (Exploit to CVE-2022-46169 vulnerability) [Github]
• January 5, 2023
  • CVE-2022-46169 (PoC for CVE-2022-46169 - Unauthenticated RCE on Cacti <= 1.2.22) [Github]
• January 3, 2023
  • CVE-2022-46169 (Cacti Unauthenticated Command Injection) [Github]
• December 19, 2022
  • CVE-2022-46169 (CVE-2022-46169 - Cacti Blind Remote Code Execution (Pre-Auth)) [Github]
  • CVE-2022-46169 (CVE-2022-46169 Cacti remote_agent.php Unauthenticated Command Injection.) [Github]

Impact: Code execution

Vulnerable software:
Cacti
Web applications / Other software

Vendor: The Cacti Group, Inc.