Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerabilities in Cacti
Alerts

Critical Vulnerabilities in Cacti

28 May 2024

Cacti has released security updates addressing critical vulnerabilities in their products. 

The vulnerabilities are:

  • CVE-2024-29895: Successful exploitation of this vulnerability could allow an unauthenticated attacker to perform remote code execution. The vulnerability has a maximum Common Vulnerability Scoring System (CVSSv3.1) score of 10 out of 10.

  • CVE-2024-25641: Successful exploitation of this vulnerability could allow an authenticated attacker with the "import templates" permission to write arbitrary files or execute malicious PHP code on an affected server. The vulnerability has a CVSSv3.1 score of 9.1 out of 10.

  • CVE-2024-34340: Successful exploitation of this vulnerability could allow an attacker to bypass authentication and gain access to an affected server. The vulnerability has a CVSSv3.1 score of 9.1 out of 10.

The critical vulnerabilities affect versions of Cacti prior to 1.2.27.

Users and administrators of affected product versions are advised to update to the latest version immediately.

More information is available here:

https://www.cacti.net/info/changelog

Back to top