CVE-2023-39362

HIGH LAB

Cacti < 1.2.25 - Authenticated Remote Code Execution via SNMP Device Options

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2023-39362. PoCs published by Antonio Francesco Sardella, jakabakos, m3ssap0.

AI-analyzed exploit summary This exploit demonstrates an authenticated command injection vulnerability in Cacti 1.2.24 via SNMP options, allowing remote code execution by injecting malicious commands into the SNMP Community String field.

Description

Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user, can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server. The `lib/snmp.php` file has a set of functions, with similar behavior, that accept in input some variables and place them into an `exec` call without a proper escape or validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Exploits (3)

exploitdb WORKING POC
by Antonio Francesco Sardella · textwebappsphp
https://www.exploit-db.com/exploits/51740

This exploit demonstrates an authenticated command injection vulnerability in Cacti 1.2.24 via SNMP options, allowing remote code execution by injecting malicious commands into the SNMP Community String field.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Cacti 1.2.24
Auth required
Prerequisites: Authenticated access · Privileges to manage Devices/Graphs · Device supporting SNMP · Net-SNMP Graphs · PHP snmp module not installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 2 stars
by jakabakos · poc
https://github.com/jakabakos/CVE-2023-39362-cacti-snmp-command-injection-poc

This repository contains a functional exploit for CVE-2023-39362, an authenticated command injection vulnerability in Cacti's SNMP options. The exploit leverages a malicious SNMP community string to achieve remote code execution on the underlying server.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Cacti 1.2.24
Auth required
Prerequisites: Authenticated access to Cacti with privileged user rights · SNMP-enabled device configuration in Cacti
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by m3ssap0 · poc
https://github.com/m3ssap0/cacti-rce-snmp-options-vulnerable-application

This repository provides a vulnerable Dockerized Cacti v1.2.24 environment to test CVE-2023-39362, an authenticated command injection vulnerability via SNMP options. It includes detailed steps to reproduce the exploit, demonstrating RCE via crafted SNMP community strings.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Cacti v1.2.24
Auth required
Prerequisites: Authenticated access to Cacti · Privileged user role · SNMP-enabled device configuration
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (8)

Core 8
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp

Scores

CVSS v3 7.2
EPSS 0.8723
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Lab Environment

COMMUNITY
Community Lab
docker pull xeemetric/snmp-simulator

Details

CWE
CWE-78 CWE-77
Status published
Products (3)
cacti/cacti < 1.2.25
fedoraproject/fedora 37
fedoraproject/fedora 38
Published Sep 05, 2023
Tracked Since Feb 18, 2026