ALAS-2023-1675


Amazon Linux AMI Security Advisory: ALAS-2023-1675
Advisory Release Date: 2023-01-19 20:10 Pacific
Advisory Updated Date: 2023-01-24 18:09 Pacific
Severity: Critical
References: CVE-2022-46169 

Issue Overview:

A flaw was found in how Cacti grants authorization based on IP address. The client address used for the check in remote_agent.php can be derived from forwarding headers (such as X-Forwarded-For) that any unauthenticated client can supply, so a request can be made to appear to originate from a configured poller. This allows authentication bypass, and possibly arbitrary command execution if a poller_item configured with a POLLER_ACTION_SCRIPT_PHP action is present.

This updated cacti package adds a configuration option allowing an administrator to explicitly list the headers that may be used to determine the client address for authentication. This option is not currently enabled by default in order to preserve compatibility but may be set by default in a future release. This is consistent with the latest upstream cacti releases (1.2.23 and 1.3.0). Additional details can be found here: https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf

Installing the update alone does not close the bypass. In order to mitigate it, customers must set the new $proxy_headers configuration option in /etc/cacti/db.php appropriately for their environment: either false, so that only the TCP source address of the connection is used, or an array of the header names Cacti may trust. A header should only be listed if a reverse proxy under your control sets it on every request and discards any copy supplied by the client.
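The following is an added illustration, not Cacti's own get_client_addr() and not the db.php shipped in the package. It shows the two forms of the $proxy_headers setting together with a simplified model of the trust decision they control: left unset or permissive, the client address comes from headers the attacker chose, which is the bypass; set to false, only REMOTE_ADDR is used. The $_SERVER-style header names and the default header list are assumptions made for the example.

```php
<?php
// Added example: a minimal model of the $proxy_headers trust decision.
// It is NOT Cacti's get_client_addr() and does not reproduce its exact
// semantics; the $_SERVER-key header names below are an assumption.

// --- what goes in /etc/cacti/db.php (pick one) --------------------------
// Cacti is reached directly, or the proxy is not trusted: never use headers.
$proxy_headers = false;
// Cacti sits behind a reverse proxy that sets exactly this header and strips
// any copy sent by the client (assumed name format: $_SERVER keys).
// $proxy_headers = array('HTTP_X_FORWARDED_FOR');

// --- simplified resolution of the client address ------------------------
function resolve_client_addr(array $server, $proxy_headers)
{
    // Headers a permissive default would consult (assumed list).
    $default_headers = array('HTTP_X_FORWARDED_FOR', 'HTTP_FORWARDED_FOR',
                             'HTTP_CLIENT_IP', 'HTTP_X_REAL_IP');

    if ($proxy_headers === false) {
        $trusted = array();            // trust nothing the client sent
    } elseif (is_array($proxy_headers)) {
        $trusted = $proxy_headers;     // trust only the listed headers
    } else {
        $trusted = $default_headers;   // unset / permissive: the bypass case
    }

    foreach ($trusted as $header) {
        if (!empty($server[$header])) {
            // X-Forwarded-For may carry a chain; the first entry is the client.
            $first = trim(explode(',', $server[$header])[0]);
            if (filter_var($first, FILTER_VALIDATE_IP) !== false) {
                return $first;
            }
        }
    }

    // The TCP peer address cannot be changed by adding request headers.
    return $server['REMOTE_ADDR'];
}

// Constructed request: an attacker on 203.0.113.5 claims to be the poller.
$request = array(
    'REMOTE_ADDR'          => '203.0.113.5',
    'HTTP_X_FORWARDED_FOR' => '192.0.2.10',   // the poller's address, forged
);
$poller_addr = '192.0.2.10';                  // assumed poller hostname/IP

foreach (array('permissive' => null, 'hardened' => false) as $label => $setting) {
    $addr    = resolve_client_addr($request, $setting);
    $verdict = ($addr === $poller_addr) ? 'ACCEPTED' : 'rejected';
    echo "$label: client seen as $addr -> remote_agent request $verdict\n";
}
```

Run it with the system php interpreter; the permissive case resolves the forged address and would pass the poller check, the hardened case resolves the real peer address and fails it. The array form only helps when the listed header is set by a proxy you control, which is why the next two recommendations matter.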

Additionally, customers are strongly recommended to:

1. Consider using user authentication via a reverse proxy front end like httpd or nginx.
2. Configure the client-facing web server or reverse proxy to strip any of the trusted headers that arrive from untrusted sources, and to set them itself, so that a client-supplied value cannot reach the Cacti server and be used to bypass the authentication process.


Affected Packages:

cacti


Issue Correction:
Run yum update cacti to update your system, then set $proxy_headers in /etc/cacti/db.php as described above; the update alone does not change the default behavior.

New Packages:
noarch:
    cacti-1.1.19-2.20.amzn1.noarch

src:
    cacti-1.1.19-2.20.amzn1.src