Researchers discovered that a critical flaw in Cacti could allow threat actors to exploit more than 1,600 instances. Cacti is a monitoring tool that is reachable over the internet, and hackers have already started to abuse the newly discovered vulnerability.
Cacti is operational and fault-management monitoring software for network devices that provides graphical visualisation. Thousands of instances deployed worldwide are currently exposed on the internet.
Researchers identified the critical Cacti flaw in early December last year.
Recently, a security advisory warned users about the critical Cacti flaw, which attackers could exploit without authentication. The vulnerability (CVE-2022-46169) has a severity rating of 9.8 out of 10.
Fortunately, the developers have already published an update that patches the bug, along with advice on preventing command injection and authorisation bypass. Technical details about the issue and how hackers could exploit it emerged the same month, after the developers released the update.
An individual also published proof-of-concept (PoC) exploit code, which could be weaponised for attacks, after the fix was issued. Earlier this month, a company that provides code quality and security products also published a technical write-up of its analysis of the Cacti flaw.
The researchers observed exploitation attempts against the flaw that aimed to spread malware. One of the malware strains the actors tried to deploy was Mirai.
Another exploit attempted to install the IRS malware, which opened a reverse shell on the vulnerable device and instructed it to run port scans.
As of now, an expert on attack surface search platforms for internet-connected devices claims that nearly 6,500 Cacti hosts are exposed on the web. However, the researcher found it impossible to identify the number of operations on the vulnerability.
Fortunately, they could count the Cacti hosts that were reachable over the web and susceptible to CVE-2022-46169. About 465 of them run Cacti version 1.1.38, which is prone to the bug.
Of all the Cacti hosts, only 26 are up to date and not vulnerable to the critical flaw.