Vulnerability Description
Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cacti | Cacti | <= 0.8.7e |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/41041Vendor Advisory
- http://svn.cacti.net/viewvc?view=rev&revision=5778
- http://svn.cacti.net/viewvc?view=rev&revision=5782
- http://svn.cacti.net/viewvc?view=rev&revision=5784
- http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection
- http://www.cacti.net/release_notes_0_8_7f.php
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:160
- http://www.vupen.com/english/advisories/2010/2132
- https://bugzilla.redhat.com/show_bug.cgi?id=609115
- https://rhn.redhat.com/errata/RHSA-2010-0635.html
- http://secunia.com/advisories/41041Vendor Advisory
- http://svn.cacti.net/viewvc?view=rev&revision=5778
- http://svn.cacti.net/viewvc?view=rev&revision=5782
- http://svn.cacti.net/viewvc?view=rev&revision=5784
- http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection
FAQ
What is CVE-2010-1645?
CVE-2010-1645 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters ...
How severe is CVE-2010-1645?
CVE-2010-1645 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1645?
Check the references section above for vendor advisories and patch information. Affected products include: Cacti Cacti.