Cacti is an open source web application that lets you build graphs using RRDTool. It collects statistics at set time intervals and displays them in graphical form.
Censys found that most Internet-facing Cacti servers are affected by a critical vulnerability tracked as CVE-2022-46169, which is being actively exploited in the wild.
The flaw allows unauthenticated users to inject commands and subsequently execute arbitrary code if a certain data source has been selected on the victim’s device. The root cause is the “remote_agent.php” file, which any unauthenticated user can access. The vulnerability is known to affect all versions of Cacti up to 1.2.23.
Researchers note that most Internet-facing servers are running outdated versions of the software; the patched version is installed on only 26 servers.
The vulnerability was discovered by SonarSource researchers, who provided detailed information about the problem and published a PoC video.
According to Shadowserver analysts, attackers have been actively exploiting the vulnerability since January 3, 2023, and in some attacks have used it to deploy malware on unprotected hosts.
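
Because the vulnerable entry point is a single file reachable without authentication, web server access logs are a practical place to check for exposure. The following log triage script is an added example, not code from Cacti, Censys, SonarSource or Shadowserver; the poller address range, the log format (Apache/nginx "combined") and every sample log line are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

TARGET = "remote_agent.php"  # file named in the article
# Assumption: only your own pollers in this range should ever request TARGET.
TRUSTED_POLLERS = [ipaddress.ip_network("10.0.5.0/24")]

# Apache/nginx "combined" access-log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<url>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, made-up query strings).
SAMPLE_LOG = """\
10.0.5.12 - - [03/Jan/2023:00:05:01 +0000] "GET /cacti/remote_agent.php?a=1 HTTP/1.1" 200 18 "-" "poller"
203.0.113.45 - - [03/Jan/2023:04:12:44 +0000] "GET /cacti/remote_agent.php?a=1 HTTP/1.1" 200 64 "-" "curl/7.81"
203.0.113.45 - - [03/Jan/2023:04:12:51 +0000] "GET /cacti/%72emote_agent.php?a=2 HTTP/1.1" 200 64 "-" "curl/7.81"
198.51.100.7 - - [04/Jan/2023:09:30:02 +0000] "GET /cacti/graph_view.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [04/Jan/2023:09:31:10 +0000] "GET /cacti/Remote_Agent.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"
"""

def is_trusted(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # hostname or garbage in the client field: not trusted
    return any(ip in net for net in TRUSTED_POLLERS)

def suspicious_requests(log_text):
    """Return (ip, timestamp, status) for untrusted requests to TARGET."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Decode %xx and lower-case so encoded or re-cased names still match.
        segments = unquote(urlsplit(m["url"]).path).lower().split("/")
        if TARGET in segments and not is_trusted(m["ip"]):
            hits.append((m["ip"], m["ts"], int(m["status"])))
    return hits

def summarize(hits):
    """Count flagged requests per source address."""
    return Counter(ip for ip, _, _ in hits)

if __name__ == "__main__":
    for ip, n in summarize(suspicious_requests(SAMPLE_LOG)).most_common():
        print(f"{ip}: {n} request(s) to {TARGET} from outside the poller range")
```

If Cacti sits behind a reverse proxy, run this against the proxy's log so that the client field holds the real source address.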