CVE-2020-8813: 
Cacti vulnerability analysis and mitigation

CVE-2020-8813 affects Cacti version 1.2.8, a web interface for graphing of monitoring systems. The vulnerability was discovered in February 2020 and allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege (NVD, Shells Systems).

The vulnerability exists in the graphrealtime.php file where user-controlled input from a cookie value is passed to shellexec function after being concatenated with other strings. The exploit chain requires enabling the 'Guest' view for the graph_realtime.php page and then sending a malicious request to achieve code execution. The attack can be executed by injecting custom strings into the session value using specific payload formatting to bypass restrictions, such as using ${IFS} bash variable to represent spaces (Shells Systems).

When successfully exploited, this vulnerability allows attackers to execute arbitrary commands on the target system with the permissions of the web server user. The vulnerability can be exploited both in authenticated and unauthenticated scenarios if the 'Guest Realtime Graphs' privilege is enabled (Shells Systems).

The vulnerability was patched in Cacti version 1.2.11. Users are advised to upgrade to this version or later. For Debian systems, the fix was included in version 1.2.2+ds1-2+deb10u5. Various Linux distributions have released security updates to address this vulnerability (Gentoo Security, Debian LTS).