CVE-2023-39362: 
Cacti vulnerability analysis and mitigation

A command injection vulnerability (CVE-2023-39362) was discovered in Cacti version 1.2.24. The vulnerability affects authenticated privileged users who can exploit malicious strings in the SNMP options of a Device to achieve remote code execution on the underlying server. This vulnerability was disclosed on September 5, 2023, and has been assigned a CVSS score of 7.2 (High) (GitHub Advisory).

The vulnerability exists in the lib/snmp.php file, which contains functions that accept input variables and place them into an exec call without proper escape or validation. The affected functions include cactisnmpget, cactisnmpgetraw, cactisnmpgetnext, and cactisnmpwalk. The security flaw stems from insufficient validation of the $community parameter in the cactisnmpoptionssanitize function, where only a comparison with an empty string is performed when SNMP version is not 3. The vulnerability can be exploited when the snmp module of PHP is not installed, which is considered optional during Cacti installation (GitHub Advisory).

If successfully exploited, this vulnerability allows an authenticated privileged user to execute arbitrary commands on the underlying server where Cacti is installed. This could potentially lead to complete system compromise and provide attackers with the ability to reach other monitored hosts (GitHub Advisory).

The vulnerability has been patched in Cacti version 1.2.25. Users are strongly advised to upgrade to this version or later. The issue has also been addressed in version 1.3.0. Various Linux distributions have released security updates to address this vulnerability, including Debian and Fedora (Debian Security, Fedora Update).