CVE-2024-45598

MEDIUM EPSS 85.4%
Published Jan 27, 20251y ago · Modified Jun 17, 20261w ago
4.9 CVSS 3.1
Medium
Find Similar
Published Jan 27, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file inside the server. Then simply going to Logs tab and selecting the name of the local file will show its content on the web UI. This vulnerability is fixed in 1.2.29.

CVSS Details

Base Score
4.9
Exploitability
1.2
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required High
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
85.4% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-22 Path Traversal Resource Mgmt

Affected Products 1

VendorProductVersionRange
cacticacti* <1.2.29

References 3

  • github.com https://github.com/Cacti/cacti/commit/eca52c6bb3e76c55d66b1040baa6dbf37471a0ae
    Patch
  • github.com https://github.com/Cacti/cacti/security/advisories/GHSA-pv2c-97pp-vxwg
    ExploitVendor Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html

Remediation

  • github.com https://github.com/Cacti/cacti/commit/eca52c6bb3e76c55d66b1040baa6dbf37471a0ae
    Patch