CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Mar 9, 2023

CVE-2022-46169

High

CVSS 9.8EPSS 94.5%CISA KEVPoC Available

Cacti/Cacti

Description

Cacti contains a command injection vulnerability that allows an unauthenticated user to execute code.

CVSS Score

9.8/ 10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS — Exploit Probability

94.5%

Higher than 100.0% of all CVEs

Weakness Classification (CWE)

CWE-74CWE-74MITRE

Known Exploits

POC

https://github.com/Cacti/cacti/commit/7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216Patch https://github.com/Cacti/cacti/commit/a8d59e8fa5f0054aa9c6981b1cbe30ef0e2a0ec9Patch https://github.com/Cacti/cacti/commit/b43f13ae7f1e6bfe4e8e56a80a7cd867cf2db52bPatch https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gfExploit https://github.com/Cacti/cacti/commit/7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216Patch https://github.com/Cacti/cacti/commit/a8d59e8fa5f0054aa9c6981b1cbe30ef0e2a0ec9Patch https://github.com/Cacti/cacti/commit/b43f13ae7f1e6bfe4e8e56a80a7cd867cf2db52bPatch https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gfExploit

Required Action

https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf; https://nvd.nist.gov/vuln/detail/CVE-2022-46169

Risk Assessment

CRITICAL

In CISA KEV

Known exploit

Critical CVSS

High EPSS

Details

Severity: High
CVSS: 9.8
EPSS: 94.5%
CWE: CWE-74
Exploit: POC
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

Feb 16, 2023

Added to KEV

Feb 16, 2023

Remediation Due

Mar 9, 2023

Affected Product

Cacti

Cacti

View all Cacti CVEs

External Links

NVD (NIST)CVE Details MITRE CVE