8.1

CVE-2019-17358

Exploit
Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CactiCacti Version <= 1.2.7
DebianDebian Linux Version8.0
OpensuseLeap Version42.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.01% 0.856
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
nvd@nist.gov 5.5 8 4.9
AV:N/AC:L/Au:S/C:N/I:P/A:P
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html
https://seclists.org/bugtraq/2020/Jan/25
https://security.gentoo.org/glsa/202003-40
https://www.debian.org/security/2020/dsa-4604
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2019-17358
Third Party Advisory
Issue Tracking
https://github.com/Cacti/cacti/blob/79f29cddb5eb05cbaff486cd634285ef1fed9326/lib/functions.php#L3109
Third Party Advisory
Exploit
https://github.com/Cacti/cacti/commit/adf221344359f5b02b8aed43dfb6b33ae5d708c8
Third Party Advisory
Product
https://github.com/Cacti/cacti/issues/3026
Third Party Advisory
Issue Tracking
https://lists.debian.org/debian-lts-announce/2019/12/msg00014.html
Third Party Advisory
Mailing List
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17358.html
Third Party Advisory
https://www.darkmatter.ae/xen1thlabs/
Not Applicable