Platform
php
Component
cacti
Fixed in
1.2.28
CVE-2024-34340 is an authentication bypass in Cacti, an operational monitoring and fault management framework. The flaw lets an attacker pass password verification without knowing the account's password, giving unauthorized access to the system. It affects Cacti versions prior to 1.2.27 and is fixed in 1.2.27.
The bug is in Cacti's password handling. Cacti wraps PHP's password_hash and password_verify in the helpers compat_password_hash and compat_password_verify, which fall back to MD5 so that installations whose PHP lacks those functions (PHP < 5.5.0), and accounts whose hashes were created that way, keep working. In compat_password_verify the MD5 fallback compares md5($password) with the stored hash using PHP's loose `==` operator. PHP compares two numeric-looking strings as numbers, so any MD5 hex digest of the form `0e` followed by 30 digits (a so-called magic hash) evaluates to 0 and compares equal to every other digest of that form. An attacker who targets an account whose stored legacy MD5 hash has that form can therefore log in with any password whose MD5 also starts with `0e` and digits; no hash collision and no brute force of the real password is needed. Successful exploitation gives full access to the Cacti web interface: the attacker can modify configurations, view sensitive network data, and use the instance to pivot to other systems. The impact is especially severe because Cacti sits where it can reach much of the infrastructure it monitors, so a compromised instance can lead to widespread disruption and data exposure.
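As an added illustration (Python written for this page, not Cacti's own PHP code), the following models the MD5 fallback of the pre-1.2.27 check, emulates PHP's `==` rule for numeric strings, and shows a constructed legacy account being opened with the wrong password. The two passwords and their MD5 digests are well-known magic-hash examples; the account itself is constructed.

```python
import hashlib
import hmac
import re

# PHP's "numeric string" rule, restricted to what a 32-character hex digest can
# contain: an all-digit string, or digits, the letter e, digits (e.g. "0e123").
# PHP parses such a string as an integer if it has no exponent, else as a float.
_INT_STR = re.compile(r"^[0-9]+$")
_FLOAT_STR = re.compile(r"^[0-9]+e[0-9]+$")


def _php_numeric(s: str):
    """Return the number PHP would see for s, or None if s is not numeric."""
    if _INT_STR.match(s):
        return int(s)
    if _FLOAT_STR.match(s):
        return float(s)  # "0e..." parses as 0.0 whatever digits follow the e
    return None


def php_loose_eq(a: str, b: str) -> bool:
    """Emulate PHP's `==` on two strings (PHP 5, 7 and 8 agree on this case):
    when both sides are numeric strings they are compared as numbers,
    otherwise byte for byte."""
    na, nb = _php_numeric(a), _php_numeric(b)
    if na is not None and nb is not None:
        return na == nb
    return a == b


def md5_hex(password: str) -> str:
    return hashlib.md5(password.encode()).hexdigest()


def is_magic_md5(h: str) -> bool:
    """A hex digest that PHP treats as the number 0: '0e' followed by 30 digits."""
    return re.fullmatch(r"0e[0-9]{30}", h) is not None


def compat_password_verify_vulnerable(password: str, stored_hash: str) -> bool:
    """Models only the MD5 fallback branch of the pre-1.2.27 check, which in
    PHP reads md5($password) == $hash (loose comparison)."""
    return php_loose_eq(md5_hex(password), stored_hash)


def compat_password_verify_fixed(password: str, stored_hash: str) -> bool:
    """Strict, constant-time comparison, i.e. === or hash_equals() in PHP."""
    return hmac.compare_digest(md5_hex(password), stored_hash)


# Constructed scenario (not real Cacti data): a legacy account whose MD5 hash
# is a well-known magic hash, and an attacker guess whose MD5 is also 0e-form.
VICTIM_PASSWORD = "240610708"   # md5 -> 0e462097431906509019562988736854
ATTACKER_GUESS = "QNKCDZO"      # md5 -> 0e830400451993494058024219903391


def demo() -> dict:
    stored = md5_hex(VICTIM_PASSWORD)
    return {
        "stored_hash_is_magic": is_magic_md5(stored),
        "vulnerable_accepts_wrong_password":
            compat_password_verify_vulnerable(ATTACKER_GUESS, stored),
        "fixed_rejects_wrong_password":
            not compat_password_verify_fixed(ATTACKER_GUESS, stored),
        "fixed_accepts_real_password":
            compat_password_verify_fixed(VICTIM_PASSWORD, stored),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

compat_password_verify_vulnerable models only the MD5 branch. The real helper first tries password_verify; for an account with a bcrypt hash a wrong password fails there and the fallback then compares an MD5 digest with a `$2y$...` string, which is not numeric in PHP, so the comparison is byte-wise and fails. Only accounts whose stored hash is itself a magic MD5 digest are opened by the loose comparison.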
CVE-2024-34340 was publicly disclosed on May 13, 2024. Its CVSS score of 9.1 (CRITICAL) reflects that the login form is reachable without authentication and that a successful bypass yields full read and write access. No public proof-of-concept (PoC) has been widely released, but the bypass is simple to carry out: it needs only a target account whose stored legacy MD5 hash has the `0e` form and a password whose MD5 has the same form, several of which are publicly known. Accounts with modern bcrypt hashes are not exposed by the loose comparison. The CVE is not currently listed in CISA KEV, and active campaigns targeting Cacti are not confirmed, but given the severity it may be added later and proactive checking and monitoring are warranted.
Organizations that depend on Cacti for network monitoring are most at risk, in particular managed service providers (MSPs) hosting Cacti instances for multiple clients, where a single compromised instance affects many customers. Installations that have run on legacy PHP (< 5.5.0) at any point since their user accounts were created are more likely to still hold MD5 password hashes and are therefore at heightened risk.
• linux / server: Cacti writes its own log rather than a systemd journal; review login events in the Cacti log under the install directory (path assumed, adjust to your install):
grep -i 'login' /path/to/cacti/log/cacti.log
The bypass produces an ordinary successful login, so look for successful logins from unexpected addresses or at unexpected times.
• generic web: the HTTP Server header does not reveal the Cacti version; read it from the install instead:
cat /path/to/cacti/include/cacti_version
or from the database (database name as configured in include/config.php):
mysql cacti -e 'SELECT cacti FROM version;'
Anything below 1.2.27 is vulnerable.
• database: list accounts that still carry a legacy 32-character MD5 hash (Cacti keeps credentials in the user_auth table):
mysql cacti -e "SELECT username FROM user_auth WHERE LENGTH(password) = 32;"
• php: confirm that the modern hashing functions are available (PHP >= 5.5.0):
php -r 'var_dump(function_exists("password_verify"));'
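The following is an added audit script (Python written for this page, not taken from Cacti) that classifies the password hashes from a dump of Cacti's user_auth table, so you can see which accounts still carry legacy MD5 hashes and which of those have the exploitable `0e` form. The table and column names follow Cacti's schema but should be confirmed on your instance; the sample rows are constructed.

```python
import re

# Hash shapes found in Cacti's user_auth.password column (table and column
# names per Cacti's schema; confirm on your instance):
#   "$2y$..."          crypt-format hash from password_hash(); not a numeric
#                      string, so PHP's loose == compares it byte for byte
#   32 lowercase hex   legacy MD5 from the md5() fallback
#   "0e" + 30 digits   legacy MD5 that PHP evaluates to the number 0 (magic hash)
MD5_HEX = re.compile(r"^[0-9a-f]{32}$")
MAGIC_MD5 = re.compile(r"^0e[0-9]{30}$")


def classify_hash(h: str) -> str:
    if h.startswith("$"):
        return "modern"
    if MAGIC_MD5.match(h):      # test this before the generic MD5 shape
        return "md5_magic"
    if MD5_HEX.match(h):
        return "md5_legacy"
    return "unknown"


def audit(rows):
    """rows: iterable of (username, password_hash), e.g. the result of
    SELECT username, password FROM user_auth. Returns usernames per class."""
    report = {"modern": [], "md5_legacy": [], "md5_magic": [], "unknown": []}
    for username, h in rows:
        report[classify_hash(h)].append(username)
    return report


def magic_hash_accounts(rows):
    """Accounts that the CVE-2024-34340 loose comparison opens to any password
    whose MD5 is also of the 0e form; force a password reset on these first."""
    return sorted(audit(rows)["md5_magic"])


# Constructed sample rows standing in for a database dump (not real data).
SAMPLE_ROWS = [
    ("admin", "$2y$10$" + "x" * 53),                 # bcrypt-shaped placeholder
    ("ops", "5ebe2294ecd0e0f08eab7690d2a6ee69"),     # md5("secret")
    ("legacy", "0e462097431906509019562988736854"),  # md5("240610708"), magic
    ("svc", "not-a-hash"),
]


if __name__ == "__main__":
    for cls, users in audit(SAMPLE_ROWS).items():
        print(f"{cls:11s} {', '.join(users) or '-'}")
    print("reset first:", magic_hash_accounts(SAMPLE_ROWS))
```

Accounts in the md5_legacy class are not opened by the loose comparison, since their digests are not numeric strings, but they still rest on unsalted MD5 and should also be moved to password_hash by a password change; the unknown class is for manual review.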
disclosure
Exploit status
EPSS
0.84% (75th percentile)
CVSS vector
The primary mitigation for CVE-2024-34340 is to upgrade Cacti to version 1.2.27 or later without delay. If an immediate upgrade is not feasible because of compatibility concerns or testing requirements, reduce exposure in the meantime: make sure every account has a modern password hash (have users whose stored hash is a legacy 32-character MD5 digest change their passwords, so the new hash is stored with password_hash; a bcrypt hash cannot satisfy the loose MD5 comparison), restrict network access to the Cacti login page to trusted addresses, and watch the Cacti log for successful logins from unexpected sources. Run PHP 5.5.0 or higher so that the secure hashing functions are used for new passwords. After upgrading, confirm the fix by checking that the version string reads 1.2.27 or later and by verifying that a wrong password is rejected for an account that still holds an MD5 hash.
Update Cacti to version 1.2.27 or later. This version fixes the authentication bypass vulnerability caused by the weak comparison of MD5 hashes. The update ensures that a secure comparison is used for password verification.
CVE-2024-34340 is a critical vulnerability in Cacti versions prior to 1.2.27 that allows attackers to bypass password verification because the MD5 fallback in compat_password_verify compares hashes with PHP's loose `==` operator, potentially granting unauthorized access.
You are affected if you are running a Cacti version prior to 1.2.27. Upgrade to version 1.2.27 or later immediately to mitigate the risk.
The recommended fix is to upgrade Cacti to version 1.2.27 or later. If an immediate upgrade is not possible, reduce exposure by having accounts with legacy MD5 hashes change their passwords, restricting access to the login page, and monitoring login activity.
While no active campaigns are currently confirmed, the bypass is simple enough that exploitation is likely. Proactive monitoring is recommended.
Refer to the official Cacti security advisory for detailed information and updates: https://assets.cacti.net/misc/security_advisories/advisory-2024-002.txt