FortiGuard Labs is aware of a report that a recently patched vulnerability in the Cacti network monitoring and management suite is being exploited in the wild. The vulnerability (CVE-2022-46169) is a command injection vulnerability that allows a remote, unauthenticated user to execute arbitrary code on a server running a vulnerable version of Cacti.

Why is this Significant?

This is significant because, although recently patched, CVE-2022-46169 is reported to have been exploited in the wild. The vulnerability is in Cacti, an open-source suite for monitoring network devices and graphically displaying the collected information.

What is CVE-2022-46169?

CVE-2022-46169 is a vulnerability in the Cacti network monitoring and management suite that a remote, unauthenticated attacker could exploit by sending a crafted HTTP request. Successful exploitation could result in arbitrary system command execution in the context of the target system.

The vulnerability is rated critical and has a CVSS score of 9.8.

Has the Vendor Released an Advisory for CVE-2022-46169?

Yes, the advisory is publicly available. See the Appendix for a link to “Unauthenticated Command Injection”.

What Version of Cacti is Vulnerable?

The advisory released by Cacti lists 1.2.22 as a vulnerable version.

Has the Vendor Released a Patch for CVE-2022-46169?

Yes, the patch was released in v1.2.23 and v1.3.0 on December 5, 2022.

What is the Status of Protection?

FortiGuard Labs has the following IPS signature in place for this vulnerability:

Cacti.remote_agent.php.Remote.Command.Execution (default action is set to “pass”)

Note that with the default action set to “pass”, the signature only logs matching traffic; administrators who want the IPS to block it must change the action for that signature.
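The following Python script is an added example written for this report; it is not FortiGuard or Cacti code. It covers the two checks a defender can run from the facts above: whether an installed Cacti version is at or beyond the fixed releases (1.2.23 and 1.3.0, with 1.2.22 listed as vulnerable), and which hosts are requesting remote_agent.php (the endpoint named in the IPS signature) in a web server access log. The log lines are constructed samples in Apache/nginx combined format, and the allowed_sources set (hosts that legitimately call the endpoint, such as the organisation's own pollers) is an assumption for the example.

```python
import re
from collections import Counter

# Releases that carry the fix, as stated in the report above.
FIX_1_2 = (1, 2, 23)
FIX_1_3 = (1, 3, 0)


def parse_version(version: str) -> tuple:
    """Turn '1.2.22' into (1, 2, 22); missing components count as 0."""
    parts = [int(p) for p in version.strip().split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_patched(version: str) -> bool:
    """True when the installed Cacti version carries the CVE-2022-46169 fix.

    The 1.2 branch is fixed from 1.2.23 onward; 1.3.0 and later carry the fix.
    Anything older (1.2.22 is listed as vulnerable) is treated as needing an upgrade.
    """
    v = parse_version(version)
    if v >= FIX_1_3:
        return True
    return v[:2] == (1, 2) and v >= FIX_1_2


# Combined-format access log line; only the request path is used for the match.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def find_remote_agent_requests(log_text: str, allowed_sources=frozenset()) -> list:
    """Return every request for remote_agent.php from a source not in allowed_sources.

    allowed_sources (an assumption for this example) is the set of hosts that
    legitimately talk to this endpoint; anything else deserves a closer look,
    especially while the IPS signature's default action is "pass" (log only).
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        path = m.group("path").split("?", 1)[0]
        if path.rsplit("/", 1)[-1] != "remote_agent.php":
            continue
        if m.group("src") in allowed_sources:
            continue
        hits.append({k: m.group(k) for k in ("src", "ts", "method", "path", "status")})
    return hits


def summarize_by_source(hits: list) -> dict:
    """Count flagged requests per source address."""
    return dict(Counter(h["src"] for h in hits))


# Constructed sample log: two ordinary Cacti page views and two hits on the endpoint.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Jan/2023:12:00:01 +0000] "GET /cacti/index.php HTTP/1.1" 200 1523
192.0.2.44 - - [10/Jan/2023:12:00:07 +0000] "GET /cacti/remote_agent.php HTTP/1.1" 200 311
192.0.2.44 - - [10/Jan/2023:12:00:09 +0000] "GET /cacti/remote_agent.php HTTP/1.1" 200 298
10.0.0.5 - - [10/Jan/2023:12:00:12 +0000] "GET /cacti/graph_view.php HTTP/1.1" 200 9820
"""

if __name__ == "__main__":
    for ver in ("1.2.22", "1.2.23", "1.3.0"):
        print(f"Cacti {ver}: {'patched' if is_patched(ver) else 'UPGRADE REQUIRED'}")
    flagged = find_remote_agent_requests(SAMPLE_LOG)
    for h in flagged:
        print(f"{h['ts']} {h['src']} {h['method']} {h['path']} -> {h['status']}")
    print("requests per source:", summarize_by_source(flagged))
```

Run it against the real access log and pass the addresses of your own pollers as allowed_sources; a source outside that set repeatedly hitting remote_agent.php on a version that is_patched reports as needing an upgrade is the combination worth escalating.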