Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 24/11/2017 Updated: 11/12/2017

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

auth_login.php in Cacti prior to 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-2313.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cacti cacti

CWE-264 https://web.archive.org/web/20160817090458/http://bugs.cacti.net/view.php?id=2697 https://github.com/Cacti/cacti/commit/69983495cd41bf0903fe02baeef84b1fa85f2846 http://www.cacti.net/release_notes_1_0_0.php http://bugs.cacti.net/view.php?id=2697 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-10700

Vulnerability Summary

References

Vulmon Search

About

Products

Connect