CVE-2019-17358

HIGH

Cacti < 1.2.7 - Out-of-Bounds Write

Description

Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.

Scores

CVSS v3 8.1
EPSS 0.0242
EPSS Percentile 84.9%
Attack Vector NETWORK
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Classification

CWE CWE-502, CWE-787
Status published

Affected Products (3)

cacti/cacti < 1.2.7
debian/debian_linux
opensuse/leap

Timeline

Published Dec 12, 2019
Tracked Since Feb 18, 2026