CVE-2023-49085
PUBLISHED
There are multiple vulnerabilities in Cacti. These flaws are due to an SQL injection issue in the SNMP Notification Receivers feature and in the pollers.php file. A remote, authenticated attacker can exploit these vulnerabilities to disclose confidential information, manipulate files, and execute arbitrary code.
Risk Scores
EPSS Score
91.40%
99.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | |
| Fedora | Fedora Linux | |
| Amazon | Amazon Linux 2 | |
Timeline
- Dec 20, 2023 Metasploit Module
- Dec 22, 2023 CVE Published
- Dec 22, 2023 PoC Published
- Dec 23, 2023 EPSS Score
- Dec 28, 2023 PoC Published
- Dec 29, 2023 PoC Published
- Jan 21, 2024 EPSS Score
- Feb 2, 2024 PoC Published
- Feb 5, 2024 PoC Published
- Feb 19, 2024 EPSS Score
- Apr 16, 2024 EPSS Score
- May 15, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3221.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3221 advisory
- https://alas.aws.amazon.com/ALAS-2024-1915.html advisory
- https://www.cacti.net/info/changelog/1.2.26 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2255601 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2255605 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2255645 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2255666 advisory
- https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html advisory
- https://lists.debian.org/debian-security-announce/2024/msg00054.html advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-17176c2215 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-d0445178a9 advisory
- https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-4ea9ddc0f7 advisory