Platform: php
Component: cacti
Fixed in: 1.2.28
CVE-2024-34340 describes an authentication bypass vulnerability in Cacti, a network monitoring and fault management framework. This flaw allows attackers to potentially bypass password verification, leading to unauthorized access to the system. The vulnerability affects versions of Cacti prior to 1.2.27 and is resolved with an upgrade to version 1.2.27.
The core of this vulnerability lies in Cacti's password handling process. Specifically, the compat_password_hash and compat_password_verify functions are used inconsistently, falling back to MD5 hashing when more secure methods like password_verify are unavailable (due to PHP versions < 5.5.0). This means an attacker can craft a password that, when hashed using MD5, matches a legitimate user's MD5-hashed password stored in the database, effectively bypassing authentication. Successful exploitation grants an attacker full access to the Cacti interface, enabling them to modify configurations, view sensitive network data, and potentially pivot to other systems within the network. The impact is particularly severe given Cacti's role in network monitoring, where compromised credentials could lead to widespread disruption and data breaches.
CVE-2024-34340 was publicly disclosed on May 13, 2024. Its CVSS score of 9.1 (CRITICAL) reflects the ease of exploitation and the potential impact. While no public proof-of-concept (PoC) has been widely released, the vulnerability's simplicity suggests it is likely to be exploited. It is not currently listed on CISA KEV, but given the severity, it is possible it will be added in the future. Active campaigns targeting Cacti are not currently confirmed, but the vulnerability's high severity warrants proactive monitoring.
Organizations heavily reliant on Cacti for network monitoring are particularly at risk. This includes managed service providers (MSPs) hosting Cacti instances for multiple clients, as a single compromised instance could impact numerous customers. Systems with legacy PHP installations (< 5.5.0) are also at heightened risk, as they are more likely to be vulnerable to this bypass.
• linux / server:
  journalctl -u cacti | grep -i password
• generic web:
  curl -I http://your-cacti-server/ | grep Server
  (Check for Cacti version string to identify vulnerable instances)
• php:
  php -m | grep password
  (Verify PHP version is >= 5.5.0)
EPSS
0.84% (75th percentile)
The primary mitigation for CVE-2024-34340 is to immediately upgrade Cacti to version 1.2.27 or later. If an immediate upgrade is not feasible due to compatibility concerns or testing requirements, consider implementing temporary workarounds. While no perfect workaround exists, restricting access to the password change functionality and closely monitoring login attempts for suspicious activity can help reduce the risk. Ensure PHP version 5.5.0 or higher is used to leverage the more secure password hashing functions. After upgrading, confirm the fix by attempting to authenticate with a known, strong password and verifying that the password change functionality behaves as expected.
Upgrade Cacti to version 1.2.27 or later. This version fixes the authentication bypass vulnerability caused by the weak comparison of MD5 hashes. The upgrade ensures that secure comparisons are used for password verification.
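The weak MD5 comparison behind this issue, shown beside a hardened check, as an added example that is not Cacti's own code: the function names and sample values are constructed for illustration, and PHP 7.0 or later is assumed. The last helper goes one step further and classifies stored hashes so that legacy MD5 rows can be found and reset after the upgrade.

```php
<?php
// Added illustration with hypothetical function names; not Cacti's source code.

// Pre-fix pattern: MD5 fallback checked with the loose "==" operator, which
// converts two numeric-looking strings to numbers before comparing them.
function verify_loose(string $password, string $stored): bool {
    return md5($password) == $stored;
}

// Hardened pattern: password_verify() for modern hashes; a legacy MD5 digest
// is compared as a byte string, in constant time.
function verify_strict(string $password, string $stored): bool {
    if (password_get_info($stored)['algoName'] !== 'unknown') {
        return password_verify($password, $stored);
    }
    return hash_equals($stored, md5($password));
}

// Audit helper: classify a stored credential so legacy rows can be reset.
function classify_stored_hash(string $stored): string {
    if (password_get_info($stored)['algoName'] !== 'unknown') {
        return 'modern';
    }
    if (preg_match('/^[0-9a-f]{32}$/i', $stored) === 1) {
        // is_numeric() uses the numeric-string rules that "==" applies.
        return is_numeric($stored) ? 'legacy-md5-numeric' : 'legacy-md5';
    }
    return 'unrecognised';
}

// Constructed, digest-shaped strings; neither is the hash of a real password.
$a = '0e' . str_repeat('1', 30);
$b = '0e' . str_repeat('2', 30);

// Both strings parse as zero in exponent notation, so "==" reports a match
// that the strict and constant-time comparisons reject.
var_dump($a == $b, $a === $b, hash_equals($a, $b));

// Constructed sample rows for the audit helper.
$rows = [
    'alice' => password_hash('constructed-sample', PASSWORD_DEFAULT),
    'bob'   => md5('constructed-sample'),
    'carol' => $a,
];
foreach ($rows as $user => $stored) {
    printf("%-6s %s\n", $user, classify_stored_hash($stored));
}
```

Rows classified as legacy MD5 are candidates for a forced password reset, so that they are re-hashed with password_hash.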
CVE-2024-34340 is a critical vulnerability in Cacti versions prior to 1.2.27 that allows attackers to bypass password verification due to inconsistent hashing function usage, potentially granting unauthorized access.
You are affected if you are running Cacti versions 1.2.27 or earlier. Immediately upgrade to version 1.2.27 to mitigate the risk.
The recommended fix is to upgrade Cacti to version 1.2.27 or later. If immediate upgrade is not possible, consider temporary workarounds like restricting password change access and monitoring login attempts.
While no active campaigns are currently confirmed, the vulnerability's simplicity and high severity suggest it is likely to be exploited. Proactive monitoring is recommended.
Refer to the official Cacti security advisory for detailed information and updates: https://assets.cacti.net/misc/security_advisories/advisory-2024-002.txt