Description
Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user, can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server. The `lib/snmp.php` file has a set of functions, with similar behavior, that accept in input some variables and place them into an `exec` call without a proper escape or validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Exploits (3)
exploitdb
WORKING POC
by Antonio Francesco Sardella · textwebappsphp
https://www.exploit-db.com/exploits/51740
nomisec
WORKING POC
2 stars
by jakabakos · poc
https://github.com/jakabakos/CVE-2023-39362-cacti-snmp-command-injection-poc
nomisec
WORKING POC
by m3ssap0 · poc
https://github.com/m3ssap0/cacti-rce-snmp-options-vulnerable-application
References (8)
Scores
CVSS v3
7.2
EPSS
0.8723
EPSS Percentile
99.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lab Environment
Details
CWE
CWE-78
CWE-77
Status
published
Products (3)
cacti/cacti
< 1.2.25
fedoraproject/fedora
37
fedoraproject/fedora
38
Published
Sep 05, 2023
Tracked Since
Feb 18, 2026