CVE-2023-30534: 
Cacti vulnerability analysis and mitigation

CVE-2023-30534 affects Cacti, an open source operational monitoring and fault management framework. The vulnerability was discovered in version 1.2.24 and involves two instances of insecure deserialization where the unserialize function is used without properly sanitizing user input. While Cacti has a 'safe' deserialization utility function, it wasn't used in these instances. The vulnerability was patched in version 1.2.25 (GitHub Advisory, NVD).

The vulnerability exists in two locations: graphsnew.php within the hostnewgraphssave function and managers.php within the form_actions function. Both instances use the unserialize function on user-controlled input without proper sanitization. The CVSS v3.1 base score is 4.3 (Medium) with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. The vulnerability is classified as CWE-502 (Deserialization of Untrusted Data) (NVD, GitHub Advisory).

While the vulnerability allows for insecure deserialization of user-controlled input, its actual impact is limited. Although a viable gadget chain exists in Cacti's vendor directory (phpseclib), the necessary gadgets are not included in a standard installation, making the insecure deserializations not exploitable in practice (GitHub Advisory, Fastly Blog).

The vulnerability has been fixed in Cacti version 1.2.25 and 1.3.0. Users are advised to upgrade to these or later versions. There are no known workarounds for this vulnerability (GitHub Advisory, Fastly Blog).