CVE-2019-17358

Published: 12/12/2019 Updated: 24/08/2020
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
CVSS v3 Base Score: 8.1 | Impact Score: 5.2 | Exploitability Score: 2.8
VMScore: 490
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

Vulnerability Summary

Cacti up to and including 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.

Vulnerable Product

cacti cacti

debian debian linux 8.0

opensuse leap 42.3

Vendor Advisories

Debian Bug report logs - #947375 cacti: CVE-2019-17358. Package: src:cacti; Maintainer for src:cacti is Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 25 Dec 2019 21:30:02 UTC; Severity: important; Tags: security, upstream; Found in version ca ...
Multiple issues have been found in cacti, a server monitoring system, potentially resulting in SQL code execution or information disclosure by authenticated users. CVE-2019-16723: Authenticated users may bypass authorization checks for viewing a graph by submitting requests with modified local_graph_id parameters. CVE-2019-17357: The gra ...