Hackers Exploit Cacti Critical Bug to Install Malware and Open Reverse Shells

Enterprotect, a cybersecurity company, is issuing a threat advisory regarding a critical security issue in Cacti, a network device monitoring tool that also provides graphical visualization. Over 1,600 instances of Cacti reachable over the internet are vulnerable to this issue, and hackers have already started to exploit it.

What is the Threat?

The threat is a critical command injection vulnerability in Cacti, tracked as CVE-2022-46169, with a severity rating of 9.8 out of 10. This vulnerability can be exploited without authentication.

Why is it Noteworthy?

This vulnerability allows hackers to gain access to an organization's Cacti instance, which gives them information about the types of devices on the network and their local IP addresses. This information is valuable to hackers because it lets them map the network accurately and identify potential targets for further attacks.

What is the Exposure or Risk?

The risk of this vulnerability is significant as it allows hackers to gain access to an organization's network and potentially move to more valuable systems. Additionally, exploitation attempts for the CVE-2022-46169 vulnerability in Cacti have increased, with a current count of under two dozen.

What are the Recommendations?

Enterprotect recommends the following steps to protect against this vulnerability:

  • Update to the latest version of Cacti that includes a patch for the CVE-2022-46169 vulnerability

  • Limit internet-facing Cacti instances to only necessary hosts

  • Monitor network traffic for abnormal behavior
