CVE-2010-1645
Vulnerability Summary
Timeline
Description
Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template.
CVSS Metrics
- v2.0•MEDIUM•Score: 6.5AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS Trends
Current EPSS score: 2.79%• Percentile: 86%
Techniques & Countermeasures
- CWE-20•Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Affected Systems
- Unknown•Cacti
≤ 0.8.7e | 0.5 | 0.6 | 0.6.1 | 0.6.2 | 0.6.3 | 0.6.4 | 0.6.5 | 0.6.6 | 0.6.7 | 0.6.8 | 0.6.8a | 0.8 | 0.8.1 | 0.8.2 | 0.8.2a | 0.8.3 | 0.8.3a | 0.8.4 | 0.8.5 | 0.8.5a | 0.8.6 | 0.8.6a | 0.8.6b | 0.8.6c | 0.8.6d | 0.8.6f | 0.8.6g | 0.8.6h | 0.8.6i | 0.8.6j | 0.8.6k | 0.8.7 | 0.8.7a | 0.8.7b | 0.8.7c | 0.8.7d
References (10)
- http://svn.cacti.net/viewvc?view=rev&revision=5778
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:160
- http://secunia.com/advisories/41041
- http://www.cacti.net/release_notes_0_8_7f.php
- https://rhn.redhat.com/errata/RHSA-2010-0635.html
- http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php
- http://www.vupen.com/english/advisories/2010/2132
- http://svn.cacti.net/viewvc?view=rev&revision=5782
- https://bugzilla.redhat.com/show_bug.cgi?id=609115
- http://svn.cacti.net/viewvc?view=rev&revision=5784