RCE Cacti
Presentation
A user with permissions to access Cacti can inject SHELL commands resulting in an authenticated remote shell. We can then obtain a shell in ROOT.
Exploit
We have no knowledge of an exploit today.
Impacted Version(s)
EON 4.2+ EON 5.0+
Fixed Version(s)
Fix
Download latest cacti0 fixed version.