Vulnerability Description
auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-2313.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cacti | Cacti | < 1.0.0 |
Related Weaknesses (CWE)
References
- http://bugs.cacti.net/view.php?id=2697Broken Link
- http://www.cacti.net/release_notes_1_0_0.phpIssue TrackingRelease NotesVendor Advisory
- https://github.com/Cacti/cacti/commit/69983495cd41bf0903fe02baeef84b1fa85f2846Issue TrackingPatchThird Party Advisory
- https://web.archive.org/web/20160817090458/http://bugs.cacti.net/view.php?id=269Issue TrackingThird Party Advisory
- http://bugs.cacti.net/view.php?id=2697Broken Link
- http://www.cacti.net/release_notes_1_0_0.phpIssue TrackingRelease NotesVendor Advisory
- https://github.com/Cacti/cacti/commit/69983495cd41bf0903fe02baeef84b1fa85f2846Issue TrackingPatchThird Party Advisory
- https://web.archive.org/web/20160817090458/http://bugs.cacti.net/view.php?id=269Issue TrackingThird Party Advisory
FAQ
What is CVE-2016-10700?
CVE-2016-10700 is a vulnerability with a CVSS score of 8.8 (HIGH). auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the ...
How severe is CVE-2016-10700?
CVE-2016-10700 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-10700?
Check the references section above for vendor advisories and patch information. Affected products include: Cacti Cacti.