CVE-2023-31132
CVSS V2 None
CVSS V3 None
Description
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document directory. The user can then execute the PHP files under the security context of SYSTEM. This allows an attacker to escalate privilege from a normal user account to SYSTEM. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Overview
- CVE ID
- CVE-2023-31132
- Assigner
- security-advisories@github.com
- Vulnerability Status
- Received
- Published Version
- 2023-09-05T22:15:08
- Last Modified Date
- 2023-09-05T22:15:08
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/Cacti/cacti/security/advisories/GHSA-rf5w-pq3f-9876 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-31132 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31132 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-09-06 03:12:59 | Added to TrackCVE | |||
| 2023-09-06 03:13:01 | Weakness Enumeration | new |