CVE-2009-4112
Advisory lineage Upstream: 0 Downstream: 6
Modified
Published: 30 Nov 2009, 21:00
Last modified: 07 Aug 2024, 06:54
Vulnerability Summary
Overall Risk (default)
high
70/100 CVSS Score
9 HIGH
v2.0 (nvd)
EPSS Score
7.99% LOW
8% probability -0.44%
KEV
Not listed
Ransomware
No reports
Public exploits
3 found
Dark Web
Not detected
Timeline
30 Nov 2009, 21:00
Published
Vulnerability first disclosed
07 Aug 2024, 06:54
Last Modified
Vulnerability information updated
Description
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.
CVSS Metrics
- v2.0 • HIGH • Score: 9 • AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS Trends
Current EPSS score: 7.99% • Percentile: 92%
Techniques & Countermeasures
- CWE-264 • Permissions, Privileges, and Access Controls
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
Affected Systems
- Unknown • Cacti
≤ 0.8.7e | 0.6.7 | 0.8 | 0.8.1 | 0.8.2 | 0.8.2a | 0.8.3 | 0.8.3a | 0.8.4 | 0.8.5 | 0.8.5a | 0.8.6c | 0.8.6f | 0.8.6i | 0.8.7 | 0.8.7a
References (10)
- http://www.securityfocus.com/archive/1/508129/100/0/threaded
- http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0292.html
- http://www.openwall.com/lists/oss-security/2009/11/30/2
- http://www.openwall.com/lists/oss-security/2009/11/26/1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54473
- http://www.securityfocus.com/bid/37137
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html