ID CVE-2014-2328
Summary lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.
References
Vulnerable Configurations
  • Fedora 19
    cpe:2.3:o:fedoraproject:fedora:19
  • Fedora 20
    cpe:2.3:o:fedoraproject:fedora:20
  • OpenSUSE 13.1
    cpe:2.3:o:opensuse:opensuse:13.1
  • OpenSUSE 13.2
    cpe:2.3:o:opensuse:opensuse:13.2
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
CVSS
Base: 6.5 (as of 25-08-2016 - 12:56)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family CGI abuses
    NASL id CACTI_088C.NASL
    description According to its self-reported version number, the Cacti application running on the remote web server is prior to version 0.8.8c. It is, therefore, potentially affected by the following vulnerabilities : - Multiple XSS vulnerabilities exist in the 'step' parameter to 'install/index.php' and the 'id' parameter in 'cacti/host.php'. (CVE-2013-5588) - A SQL injection vulnerability in the 'id' parameter to 'cacti/host.php' could allow remote attackers to inject arbitrary SQL commands. (CVE-2013-5589) - An XSS vulnerability exists via unspecified vectors to 'cdef.php'. (CVE-2014-2326) - A XSRF vulnerability exists that allows remote attackers to hijack the authentication of users for unspecified commands. (CVE-2014-2327) - A flaw exists in 'lib/graph_export.php' that allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors. (CVE-2014-2328) - Multiple SQL injection vulnerabilities exist in 'graph_xport.php' which allow remote attackers to inject arbitrary SQL commands. (CVE-2014-2708) - Improper escaping of shell metacharacters in unspecified parameters allows remote attackers to execute arbitrary commands. (CVE-2014-2709) - Multiple XSS vulnerabilities exist that allow attackers to inject arbitrary script data using the 'drp_action', 'graph_template_input_id', and 'graph_template_id' parameters to various PHP scripts. (CVE-2014-4002) - A XSS vulnerability exists in 'data_sources.php' which allows a remote, authenticated user with console access to inject arbitrary script data via the 'name_cache' parameter in a ds_edit action. (CVE-2014-5025) - Multiple XSS vulnerabilities exists that allow attackers to inject arbitrary script data via 'Graph Tree Title', 'CDEF Name', 'Data Input Method Name', 'Host Templates Name', 'Data Source Title', 'Graph Title', or 'Graph Template Name' when carried out under delete, edit, or duplicate actions. (CVE-2014-5026)
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 81603
    published 2015-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81603
    title Cacti < 0.8.8c Multiple Vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-4928.NASL
    description Patches for four CVEs. This update fixes SQL injection, shell escaping issues, a stored XSS attack, and use of exec-like function calls without safety checks allowing arbitrary command execution. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 73602
    published 2014-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73602
    title Fedora 19 : cacti-0.8.8b-5.fc19 (2014-4928)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-331.NASL
    description cacti was patched to fix several security issues : - CVE-2013-5588: XSS injection vulnerability - CVE-2013-5589: SQL injection vulnerability - CVE-2014-2326: XSS injection vulnerability - CVE-2014-2328: Remote Command Execution Vulnerability - CVE-2014-2708: SQL Injection Vulnerability - CVE-2014-2709: Remote Command Execution Vulnerability cacti-spine was updated to 0.8.8b to fix the following issue : - bug: set appropriate mysql 5.5+ timeouts
    last seen 2019-01-03
    modified 2019-01-02
    plugin id 75341
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75341
    title openSUSE Security Update : cacti (openSUSE-SU-2014:0600-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2970.NASL
    description Multiple security issues (cross-site scripting, cross-site request forgery, SQL injections, missing input sanitising) have been found in Cacti, a web frontend for RRDTool.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 76299
    published 2014-06-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76299
    title Debian DSA-2970-1 : cacti - security update
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201509-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-201509-03 (Cacti: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in cacti. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2015-09-25
    plugin id 86134
    published 2015-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86134
    title GLSA-201509-03 : Cacti: Multiple vulnerabilities
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2014-347.NASL
    description Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users. Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters. Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph_id, or (8) rra_id parameter. lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 78290
    published 2014-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78290
    title Amazon Linux AMI : cacti (ALAS-2014-347)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-221.NASL
    description cacti was updated to version 0.8.8c [boo#920399] This update fixes four vulnerabilities and adds some compatible features. - Security fixes not previously patched : - CVE-2014-2326 - XSS issue via CDEF editing - CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability - CVE-2014-2328 - Remote Command Execution Vulnerability in graph export - CVE-2014-4002 - XSS issues in multiple files - CVE-2014-5025 - XSS issue via data source editing - CVE-2014-5026 - XSS issues in multiple files - Security fixes now upstream : - CVE-2013-5588 - XSS issue via installer or device editing - CVE-2013-5589 - SQL injection vulnerability in device editing New features : - New graph tree view - Updated graph list and graph preview - Refactor graph tree view to remove GPL incompatible code - Updated command line database upgrade utility - Graph zooming now from everywhere
    last seen 2019-02-21
    modified 2015-03-12
    plugin id 81765
    published 2015-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81765
    title openSUSE Security Update : cacti (openSUSE-2015-221)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_A0E74731181B11E5A1CF002590263BF5.NASL
    description The Cacti Group, Inc. reports : Important Security Fixes - CVE-2013-5588 - XSS issue via installer or device editing - CVE-2013-5589 - SQL injection vulnerability in device editing - CVE-2014-2326 - XSS issue via CDEF editing - CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability - CVE-2014-2328 - Remote Command Execution Vulnerability in graph export - CVE-2014-4002 - XSS issues in multiple files - CVE-2014-5025 - XSS issue via data source editing - CVE-2014-5026 - XSS issues in multiple files
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 84323
    published 2015-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84323
    title FreeBSD : cacti -- multiple security vulnerabilities (a0e74731-181b-11e5-a1cf-002590263bf5)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-4892.NASL
    description Patches for four CVEs. This update fixes SQL injection, shell escaping issues, a stored XSS attack, and use of exec-like function calls without safety checks allowing arbitrary command execution. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 73600
    published 2014-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73600
    title Fedora 20 : cacti-0.8.8b-5.fc20 (2014-4892)
refmap via4
bid 66387
bugtraq 20140324 Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti
confirm
debian DSA-2970
fedora
  • FEDORA-2014-4892
  • FEDORA-2014-4928
gentoo GLSA-201509-03
secunia 59203
suse openSUSE-SU-2015:0479
Last major update 21-12-2016 - 21:59
Published 23-04-2014 - 11:55
Last modified 13-12-2018 - 13:22
Back to Top