Detections
Analytics
Debian DLA-2965-1 : cacti - LTS security update
critical Nessus Plugin ID 159321
Language:
Synopsis
The remote Debian host is missing one or more security-related updates.Description
The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-2965 advisory.- Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php. (CVE-2018-10060)
- Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used). (CVE-2018-10061)
- In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS. (CVE-2019-11025)
- In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs). (CVE-2020-13230)
- Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php. (CVE-2020-23226)
- Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). (CVE-2020-7106)
- Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the new_username field during creation of a new user via Copy method at user_admin.php.
(CVE-2021-23225)
- Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.
(CVE-2022-0730)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade the cacti packages.For Debian 9 stretch, these problems have been fixed in version 0.8.8h+ds1-10+deb9u2.
See Also
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926700
https://security-tracker.debian.org/tracker/source-package/cacti
https://www.debian.org/lts/security/2022/dla-2965
https://security-tracker.debian.org/tracker/CVE-2018-10060
https://security-tracker.debian.org/tracker/CVE-2018-10061
https://security-tracker.debian.org/tracker/CVE-2019-11025
https://security-tracker.debian.org/tracker/CVE-2020-13230
https://security-tracker.debian.org/tracker/CVE-2020-23226
https://security-tracker.debian.org/tracker/CVE-2020-7106
https://security-tracker.debian.org/tracker/CVE-2021-23225
Plugin Details
Severity: Critical
ID: 159321
File Name: debian_DLA-2965.nasl
Version: 1.3
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 3/29/2022
Updated: 11/3/2023
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2022-0730
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:cacti, cpe:/o:debian:debian_linux:9.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/29/2022
Vulnerability Publication Date: 4/12/2018
Reference Information
CVE: CVE-2018-10060, CVE-2018-10061, CVE-2019-11025, CVE-2020-13230, CVE-2020-23226, CVE-2020-7106, CVE-2021-23225, CVE-2022-0730