Main Vulnerability Database Exploits ID:8954 - Exploit for Improper Authorization in Cacti - CVE-2022-46169

ID:8954 - Exploit for Improper Authorization in Cacti - CVE-2022-46169

Published: April 3, 2023

Vulnerability identifier: #VU70426

Vulnerability risk: Critical

CVE-ID: CVE-2022-46169

CWE-ID: CWE-285

Exploitation vector: Remote access

Vulnerable software:
Cacti

Link to public exploit:

https://github.com/m3ssap0/cacti-rce-cve-2022-46169-vulnerable-application

Vulnerability description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient authorization within the Remote Agent when handling HTTP requests with a custom Forwarded-For HTTP header. A remote non-authenticated attacker can send a specially crafted HTTP request to the affected instance and execute arbitrary OS commands on the server.

Remediation

Install updates from vendor's website.

ID:8954 - Exploit for Improper Authorization in Cacti - CVE-2022-46169

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human