Bug 2280498 (CVE-2024-31458, CVE-2024-31459, CVE-2024-31460) - CVE-2024-31458 CVE-2024-31459 CVE-2024-31460 cacti: multiple vulnerabilities
Summary: CVE-2024-31458 CVE-2024-31459 CVE-2024-31460 cacti: multiple vulnerabilities
Keywords:
Status: NEW
Alias: CVE-2024-31458, CVE-2024-31459, CVE-2024-31460
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2280499 2280500
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-05-15 00:21 UTC by Robb Gatica
Modified: 2024-05-15 00:21 UTC (History)
0 users

Fixed In Version: cacti 1.2.27
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Robb Gatica 2024-05-15 00:21:06 UTC 
CVE-2024-31458:
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in `draw_nontemplated_fields_graph_item()` function from `lib/html_form_templates.php` , finally resulting in SQL injection. Version 1.2.27 contains a patch for the issue.

https://github.com/Cacti/cacti/security/advisories/GHSA-jrxg-8wh8-943x

---
CVE-2024-31459:
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the `api_plugin_hook()` function in the `lib/plugin.php` file, which reads the plugin_hooks and plugin_config tables in database. The read data is directly used to concatenate the file path which is used for file inclusion. Version 1.2.27 contains a patch for the issue.

https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv
https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r
https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp

---
CVE-2024-31460:
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in `create_all_header_nodes()`  function from `lib/api_automation.php` , finally resulting in SQL injection. Using SQL based secondary injection technology, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further impact, such as arbitrary file reading, and even remote code execution through arbitrary file writing. Version 1.2.27 contains a patch for the issue.

https://github.com/Cacti/cacti/security/advisories/GHSA-cx8g-hvq8-p2rv
https://github.com/Cacti/cacti/security/advisories/GHSA-gj3f-p326-gh8r
Comment 1 Robb Gatica 2024-05-15 00:21:21 UTC 
Created cacti tracking bugs for this issue:

Affects: epel-all [bug 2280499]
Affects: fedora-all [bug 2280500]
Note You need to log in before you can comment on or make changes to this bug.