CVE-2020-8813 — HIGH (8.8) — White Hats Nepal

Vulnerability Description

graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cacti	Cacti	1.2.8
Fedoraproject	Fedora	30
Opmantek	Open-Audit	3.3.1
Opensuse	Suse Package Hub	All versions
Opensuse	Suse Linux Enterprise Server	12.0
Debian	Debian Linux	10.0

Related Weaknesses (CWE)

CWE-78

References

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.htmlExploitThird Party Advisory
http://packetstormsecurity.com/files/156537/Cacti-1.2.8-Unauthenticated-Remote-CThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/156538/Cacti-1.2.8-Authenticated-Remote-CodThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/156593/Cacti-1.2.8-Unauthenticated-Remote-CThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/157477/Open-AudIT-Professional-3.3.1-RemoteThird Party AdvisoryVDB Entry
https://drive.google.com/file/d/1A8hxTyk_NgSp04zPX-23nPbsSDeyDFio/viewExploitThird Party Advisory
https://gist.github.com/mhaskar/ebe6b74c32fd0f7e1eedf1aabfd44129ExploitThird Party Advisory
https://github.com/Cacti/cacti/issues/3285Issue TrackingThird Party Advisory
https://github.com/Cacti/cacti/releasesRelease Notes
https://lists.debian.org/debian-lts-announce/2022/12/msg00039.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://security.gentoo.org/glsa/202004-16Third Party Advisory

FAQ

What is CVE-2020-8813?

CVE-2020-8813 is a vulnerability with a CVSS score of 8.8 (HIGH). graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.

How severe is CVE-2020-8813?

CVE-2020-8813 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-8813?

Check the references section above for vendor advisories and patch information. Affected products include: Cacti Cacti, Fedoraproject Fedora, Opmantek Open-Audit, Opensuse Suse Package Hub, Opensuse Suse Linux Enterprise Server.