CVE-2022-0730: 
Cacti vulnerability analysis and mitigation

CVE-2022-0730 is a security vulnerability discovered in Cacti, a web interface for graphing of monitoring systems. The vulnerability was reported in February 2022 and affects Cacti's authentication mechanism. Under certain LDAP conditions, Cacti authentication can be bypassed with certain credential types, specifically when LDAP anonymous binding is enabled (Cacti Issue, Debian Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a severe security issue. The vulnerability is classified under CWE-287 (Improper Authentication) and specifically occurs in environments where LDAP authentication is configured with anonymous binding enabled (NVD).

The vulnerability allows attackers to bypass Cacti's authentication mechanisms under specific LDAP configurations. This could lead to unauthorized access to the system, potentially allowing attackers to view sensitive monitoring data, modify system configurations, or gain administrative access to the Cacti installation (Debian LTS).

The vulnerability has been fixed in Cacti version 1.2.20. Various Linux distributions have also released security updates to address this vulnerability: Debian 9 (Stretch) fixed in version 0.8.8h+ds1-10+deb9u2, Debian 10 (Buster) fixed in version 1.2.2+ds1-2+deb10u5, and Debian 11 (Bullseye) fixed in version 1.2.16+ds1-2+deb11u1. Fedora has also released updates for versions 34, 35, and 36 (Debian Advisory, Fedora Update).