January 14, 2023 | Rabbi Lakshmanan | Server security/patch management

The majority of internet-exposed Cacti servers remain unpatched against a critical security vulnerability that was recently fixed.

This is according to attack surface management platform Censys, which found that only 26 out of a total of 6,427 servers were running a patched version of Cacti (1.2.23 and 1.3.0).

The issue in question is CVE-2022-46169 (CVSS score: 9.8), a combination of authentication bypass and command injection that allows an unauthenticated user to execute arbitrary code on affected versions of the open source, web-based monitoring solution.

Details of this flaw, which affects versions 1.2.22 and below, were first revealed by SonarSource. This flaw was reported to the project manager on December 2nd, 2022.

“Hostname-based authentication checks are not securely implemented in most installations of Cacti,” said SonarSource researcher Stefan Schiller earlier this month, adding, “Unsanitized user input propagates into the string used to execute the external command.”

Disclosure of the vulnerability has also resulted in “exploitation attempts,” with the Shadowserver Foundation and GreyNoise warning of malicious attacks that have so far originated from one IP address located in Ukraine.

The majority of unpatched versions (1,320) are in Brazil, followed by Indonesia, the United States, China, Bangladesh, Russia, Ukraine, the Philippines, Thailand, and the United Kingdom.

SugarCRM Vulnerability Actively Exploited to Drop Web Shell

The development comes as SugarCRM shipped fixes for a disclosed vulnerability that is being actively weaponized to drop a PHP-based web shell on 354 unique hosts, Censys said in an independent advisory.

The bug, tracked as CVE-2023-22952, concerns a case of missing input validation that can lead to the injection of arbitrary PHP code. It has been addressed in SugarCRM versions 11.0.5 and 12.0.2.

The attack detailed by Censys uses a web shell as a conduit to execute additional commands on the infected machine with the same privileges as the user running the web service. The majority of infections have been reported in the United States, Germany, Australia, France, and the United Kingdom.

Malicious actors often take advantage of newly disclosed vulnerabilities to carry out attacks. Therefore, it is imperative that users plug security holes quickly.
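For triaging an asset inventory against the fixed releases named above (Cacti 1.2.23 and 1.3.0, SugarCRM 11.0.5 and 12.0.2), the following is an added example, not code from the original article or from either project. The hostnames and inventory are constructed, and treating SugarCRM releases below the fix on the same branch as affected is an assumption.

```python
import re

# Fixed releases named in the article. For Cacti the article states that
# 1.2.22 and below are affected. For SugarCRM, treating releases below the
# fix on the same major.minor branch as affected is an assumption.
FIXED = {
    "cacti": [(1, 2, 23)],
    "sugarcrm": [(11, 0, 5), (12, 0, 2)],
}

def parse_version(text):
    """Return (major, minor, patch), or None if the string is not a version.
    A trailing letter (as in older Cacti releases such as 0.8.8h) is ignored."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)[a-z]?", text.strip().lower())
    return tuple(int(p) for p in m.groups()) if m else None

def triage(product, version_text):
    """Classify one inventory entry as 'patched', 'vulnerable' or 'review'."""
    fixes = FIXED.get(product.lower())
    version = parse_version(version_text)
    if fixes is None or version is None:
        return "review"  # unknown product or unparseable banner: check by hand
    if product.lower() == "cacti":
        return "patched" if version >= fixes[0] else "vulnerable"
    for fix in fixes:  # SugarCRM: compare against the fix on the same branch
        if version[:2] == fix[:2]:
            return "patched" if version >= fix else "vulnerable"
    return "review"  # branch not named in the article

def summarize(inventory):
    """Group hostnames by triage status."""
    result = {"patched": [], "vulnerable": [], "review": []}
    for host, product, version in inventory:
        result[triage(product, version)].append(host)
    return result

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("mon01.example.internal", "Cacti", "1.2.22"),
    ("mon02.example.internal", "Cacti", "1.2.23"),
    ("mon03.example.internal", "Cacti", "0.8.8h"),
    ("mon04.example.internal", "Cacti", "unknown"),
    ("crm01.example.internal", "SugarCRM", "11.0.4"),
    ("crm02.example.internal", "SugarCRM", "12.0.2"),
]

if __name__ == "__main__":
    for status, hosts in summarize(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Entries classed as "review" have a version string the script cannot parse or a release branch the article does not name, so they need a manual check rather than an assumed status.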
