CVE-2024-45598

Published Jan 27, 2025

Last updated a month ago

CVSS medium 6.0

Overview

Description
Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file inside the server. Then simply going to Logs tab and selecting the name of the local file will show its content on the web UI. This vulnerability is fixed in 1.2.29.
Source
security-advisories@github.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
6
Impact score
4.7
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
Severity
MEDIUM

Weaknesses

security-advisories@github.com
CWE-22

Social media

Hype score
Not currently trending

  1. CVE-2024-45598 Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in eit… https://t.co/xp0imGRHZj

    @CVEnew

    27 Jan 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References