Bronnen

https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf

Risico’s

Cacti is an operational and fault management monitoring solution for network devices with a graphical user interface.

Gaining access to the Cacti instance of an organization gives an attacker the opportunity to collect intelligence about the type of devices on the network and the associated IP addresses. Attackers can use the acquired intelligence to gain a foothold and/or to move laterally inside the network Attackers are actively exploiting CVE-2022-46169.

Observations indicate that attackers are leveraging CVE-2022-46169 to install botnets, such as the Mirai malware and/or a reverse shell on the host with the intent to run port scans.

The Centre for Cyber security Belgium recommends system administrators to patch vulnerable systems as soon as possible and to analyse system and network logs for any suspicious activity. If your organization has already identified an intrusion or incident, please report it via: https://cert.be/en/report-incident.

Aanbevolen acties

The Centre for Cyber Security Belgium strongly recommends Windows system administrators to take the following actions:

Update vulnerable Cacti instances immediately to the most recent build available: https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf

Upscale monitoring and detection capabilities to detect any related suspicious activity to ensure a fast response in case of an intrusion.

Referenties

https://securityaffairs.com/140797/hacking/cacti-servers-cve-2022-46169-flaw.html