Main Vulnerability Database Vulnerabilities #VU54527

#VU54527 Session Fixation in Cacti

Published: July 5, 2021

Vulnerability identifier: #VU54527

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-384

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Cacti

Software vendor:
The Cacti Group, Inc.

Description

The vulnerability allows a remote attacker to compromise victim's account.

The vulnerability exists due to software does not always invalidates session identifier after user logs out. A remote attacker can re-use the session ID to gain unauthorized access to the application.

Note, the vulnerability requites that cacti is installed on PHP 5.x.

Remediation

Install updates from vendor's website.

External links

https://github.com/Cacti/cacti/releases/tag/release/1.2.18
https://github.com/Cacti/cacti/pull/4282

#VU54527 Session Fixation in Cacti

Description

Remediation

External links

Please verify you're human