Vulnerability Name:

CVE-2009-4112 (CCN-54473)

Assigned:2009-11-25
Published:2009-11-25
Updated:2018-10-10
Summary:Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.
CVSS v3 Severity:5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
9.0 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:H/RL:U/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
6.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:U/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-264
Vulnerability Consequences:Gain Access
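The summary above names the vector: in Cacti 0.8.x a Data Input Method of type "Script/Command" is a command template that the poller executes on the monitoring host, so anyone who can edit the template (here, an authenticated administrator) gets command execution as the poller's OS account. Upgrading past 0.8.7e (DSA-1954 on Debian) is the remediation; what follows is an added audit script for the detection side, written for this page and not part of this record or of the Cacti project. It reads exported `data_input` rows and flags Script/Command entries that contain shell metacharacters, run a program outside `<path_cacti>/scripts/`, or differ from the shipped default. The column names (`id`, `type_id`, `name`, `input_string`), the `type_id` value 1 for Script/Command, and the two baseline strings are assumptions based on Cacti 0.8.x and should be checked against a clean install of your version; the sample rows are constructed.

```python
"""Audit Cacti 0.8.x Data Input Methods for tampered command strings.

Context: CVE-2009-4112. A Data Input Method of type "Script/Command" is a
command template that the Cacti poller runs on the monitoring host, so an
administrator who edits one (e.g. "Linux - Get Memory Usage") to append
extra commands gets code execution as the poller's OS account.

Added example, not Cacti project code. Column names, SCRIPT_COMMAND = 1 and
the BASELINE strings are assumptions modelled on Cacti 0.8.x's `data_input`
table; verify them against a clean install. SAMPLE_ROWS are constructed.
"""
import re
import shlex

SCRIPT_COMMAND = 1  # data_input.type_id for "Script/Command" (assumed)

# Shipped input strings for well-known templates (assumed; take the real
# values from cacti.sql of your release).
BASELINE = {
    "Linux - Get Memory Usage": "perl <path_cacti>/scripts/linux_memory.pl <grepstr>",
    "Linux - Get Load Average": "perl <path_cacti>/scripts/loadavg_multi.pl",
}

SCRIPTS_DIR = "<path_cacti>/scripts/"
INTERPRETERS = {"perl", "php", "python", "sh", "bash"}
PLACEHOLDER = re.compile(r"<([A-Za-z0-9_]+)>")  # substituted by Cacti at poll time
METACHARS = re.compile(r"[;|&`$<>\n]")          # chaining, substitution, redirection

# Constructed sample export of `data_input`; row 3 carries an appended command.
SAMPLE_ROWS = [
    {"id": 3, "type_id": 1, "name": "Linux - Get Memory Usage",
     "input_string": "perl <path_cacti>/scripts/linux_memory.pl <grepstr>; id >> /tmp/poller_user"},
    {"id": 4, "type_id": 1, "name": "Linux - Get Load Average",
     "input_string": "perl <path_cacti>/scripts/loadavg_multi.pl"},
    {"id": 5, "type_id": 2, "name": "Get SNMP Data", "input_string": ""},
    {"id": 7, "type_id": 1, "name": "Custom - Disk Collector",
     "input_string": "/tmp/.cache/collect.sh <hostname>"},
]


def _neutralise(cmd):
    """Turn <placeholders> into plain tokens so their angle brackets are not
    mistaken for shell redirections."""
    return PLACEHOLDER.sub(lambda m: "PH_" + m.group(1), cmd)


def _restore(token):
    """Inverse of _neutralise, for readable findings."""
    return re.sub(r"PH_([A-Za-z0-9_]+)", r"<\1>", token)


def findings_for(row):
    """Reasons a single Script/Command row looks tampered (empty list if clean)."""
    reasons = []
    cmd = row["input_string"]
    safe = _neutralise(cmd)
    if METACHARS.search(safe):
        reasons.append("shell metacharacters in input_string")
    try:
        argv = shlex.split(safe)
    except ValueError:  # unbalanced quotes: still worth a look, split crudely
        argv = safe.split()
    prog = argv[0] if argv else ""
    if prog in INTERPRETERS:
        # The program of interest is the script the interpreter runs, after flags.
        args = [a for a in argv[1:] if not a.startswith("-")]
        prog = args[0] if args else prog
    if prog and not prog.startswith(_neutralise(SCRIPTS_DIR)):
        reasons.append(f"command '{_restore(prog)}' is outside {SCRIPTS_DIR}")
    expected = BASELINE.get(row["name"])
    if expected is not None and cmd != expected:
        reasons.append(f"differs from shipped default for '{row['name']}'")
    return reasons


def audit(rows):
    """Return {data_input.id: [reasons]} for every Script/Command row that
    looks tampered. Other input types (SNMP, queries) are not shell commands
    and are skipped."""
    result = {}
    for row in rows:
        if row["type_id"] != SCRIPT_COMMAND:
            continue
        reasons = findings_for(row)
        if reasons:
            result[row["id"]] = reasons
    return result


if __name__ == "__main__":
    for did, reasons in audit(SAMPLE_ROWS).items():
        print(f"data_input id {did}:")
        for r in reasons:
            print(f"  - {r}")
```

To run it against a live instance, export the rows with something like `SELECT id, type_id, name, input_string FROM data_input` (column names assumed, as above) and feed them in place of `SAMPLE_ROWS`. A hit on the baseline check alone is not proof of compromise, since administrators do legitimately customise templates; the metacharacter and out-of-tree checks are the ones that should page someone.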
References:Source: CCN
Type: Full-Disclosure Mailing List, Wed Nov 25 2009 - 23:43:02 CST
Cacti 0.8.7e: Multiple security issues

Source: FULLDISC
Type: Exploit
20091125 Cacti 0.8.7e: Multiple security issues

Source: MITRE
Type: CNA
CVE-2009-4112

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2020:0272

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2020:0284

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2020:0558

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2020:0565

Source: CCN
Type: SA37484
Cacti Cross-Site Request Forgery

Source: CCN
Type: Cacti Web site
Download Cacti

Source: DEBIAN
Type: DSA-1954
cacti -- insufficient input sanitising

Source: MLIST
Type: UNKNOWN
[oss-security] 20091126 Re: CVE Request - Cacti - 0.8.7e

Source: MLIST
Type: UNKNOWN
[oss-security] 20091130 Re: CVE Request - Cacti - 0.8.7e

Source: CCN
Type: OSVDB ID: 60588
Cacti Arbitrary Admin User Creation CSRF

Source: CCN
Type: OSVDB ID: 60653
Cacti Linux - Get Memory Usage Data Input Method Remote Privilege Escalation

Source: BUGTRAQ
Type: UNKNOWN
20091126 Cacti 0.8.7e: Multiple security issues

Source: BID
Type: Exploit
37137

Source: CCN
Type: BID-37137
Cacti 'Linux - Get Memory Usage' Remote Command Execution Vulnerability

Source: XF
Type: UNKNOWN
cacti-dim-command-execution(54473)

Source: SUSE
Type: SUSE-SR:2009:020
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:cacti:cacti:0.6.7:*:*:*:*:*:*:*
  • OR cpe:/a:cacti:cacti:0.8:*:*:*:*:*:*:*
  • OR cpe:/a:cacti:cacti:0.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:cacti:cacti:0.8.2:*:*:*:*:*:*:*
  • OR cpe:/a:cacti:cacti:0.8.2a:*:*:*:*:*:*:*
  • OR cpe:/a:cacti:cacti:0.8.3:*:*:*:*:*:*:*
  • OR cpe:/a:cacti:cacti:0.8.3a:*:*:*:*:*:*:*
  • OR cpe:/a:cacti:cacti:0.8.4:*:*:*:*:*:*:*
  • OR cpe:/a:cacti:cacti:0.8.5:*:*:*:*:*:*:*
  • OR cpe:/a:cacti:cacti:0.8.5a:*:*:*:*:*:*:*
  • OR cpe:/a:cacti:cacti:0.8.6c:*:*:*:*:*:*:*
  • OR cpe:/a:cacti:cacti:0.8.6f:*:*:*:*:*:*:*
  • OR cpe:/a:cacti:cacti:0.8.6i:*:*:*:*:*:*:*
  • OR cpe:/a:cacti:cacti:0.8.7:*:*:*:*:*:*:*
  • OR cpe:/a:cacti:cacti:0.8.7a:*:*:*:*:*:*:*
  • OR cpe:/a:cacti:cacti:*:*:*:*:*:*:*:* (Version <= 0.8.7e)

  • Configuration CCN 1:
  • cpe:/a:cacti:cacti:0.8.7e:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20094112 | V | CVE-2009-4112 | 2022-06-30
    oval:org.opensuse.security:def:112039 | P | cacti-1.2.18-1.2 on GA media (Moderate) | 2022-01-17
    oval:org.opensuse.security:def:64643 | P | Security update for kernel-firmware (Low) | 2021-12-30
    oval:org.opensuse.security:def:74745 | P | Security update for the Linux Kernel (Important) | 2021-11-16
    oval:org.opensuse.security:def:64585 | P | Security update for libcryptopp (Moderate) | 2021-10-06
    oval:org.opensuse.security:def:105594 | P | cacti-1.2.18-1.2 on GA media (Moderate) | 2021-10-01
    oval:org.opensuse.security:def:63246 | P | xen-4.12.0_12-1.1 on GA media (Moderate) | 2021-09-21
    oval:org.opensuse.security:def:64755 | P | Security update for spectre-meltdown-checker (Moderate) | 2021-08-27
    oval:org.opensuse.security:def:64558 | P | Security update for fetchmail (Moderate) | 2021-08-20
    oval:org.opensuse.security:def:93574 | P | (Important) | 2021-08-12
    oval:org.opensuse.security:def:63331 | P | grub2-x86_64-xen-2.04-20.4 on GA media (Moderate) | 2021-08-10
    oval:org.opensuse.security:def:63449 | P | postgresql-test-12-2.2 on GA media (Moderate) | 2021-08-10
    oval:org.opensuse.security:def:62832 | P | texlive-collection-basic-2017.135.svn41616-9.12.1 on GA media (Moderate) | 2021-08-09
    oval:org.opensuse.security:def:62775 | P | libass-devel-0.14.0-3.3.1 on GA media (Moderate) | 2021-08-09
    oval:org.opensuse.security:def:62828 | P | rtkit-0.11+git.20130926-1.34 on GA media (Moderate) | 2021-08-09
    oval:org.opensuse.security:def:63038 | P | perl-doc-5.26.1-15.87 on GA media (Moderate) | 2021-08-09
    oval:org.opensuse.security:def:62750 | P | gnome-autoar-devel-0.2.3-3.3.1 on GA media (Moderate) | 2021-08-09
    oval:org.opensuse.security:def:62835 | P | vorbis-tools-1.4.0-1.53 on GA media (Moderate) | 2021-08-09
    oval:org.opensuse.security:def:62747 | P | gd-2.2.5-9.1 on GA media (Moderate) | 2021-08-09
    oval:org.opensuse.security:def:62743 | P | fontforge-20200314-3.3.1 on GA media (Moderate) | 2021-08-09
    oval:org.opensuse.security:def:100311 | P | (Moderate) | 2021-07-20
    oval:org.opensuse.security:def:63534 | P | freerdp-2.0.0~rc2-1.8 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:62860 | P | libtidy-devel-5.4.0-1.34 on GA media (Moderate) | 2021-06-08
    oval:org.opensuse.security:def:100287 | P | (Important) | 2021-06-02
    oval:org.opensuse.security:def:64500 | P | Recommended update for grub2 (Moderate) | 2021-05-19
    oval:org.opensuse.security:def:64483 | P | Security update for webkit2gtk3 (Important) | 2021-04-29
    oval:org.opensuse.security:def:93598 | P | (Important) | 2021-03-24
    oval:org.opensuse.security:def:64670 | P | Security update for nghttp2 (Important) | 2021-03-24
    oval:org.opensuse.security:def:74697 | P | Security update for git (Important) | 2021-03-09
    oval:org.opensuse.security:def:62953 | P | gradle-4.4.1-1.87 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:63596 | P | libwmf-0_2-7-0.2.8.4-2.30 on GA media (Moderate) | 2020-12-03
    oval:org.opensuse.security:def:26507 | P | Security update for cacti, cacti-spine (Important) | 2020-12-01
    oval:org.opensuse.security:def:64290 | P | less on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25400 | P | Security update for bcm43xx-firmware (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:26472 | P | Security update for Chromium (Important) | 2020-12-01
    oval:org.opensuse.security:def:64376 | P | libpython3_6m1_0 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:64154 | P | Security update for MozillaFirefox (Important) | 2020-12-01
    oval:org.opensuse.security:def:25343 | P | Security update for kernel-firmware (Important) | 2020-12-01
    oval:org.opensuse.security:def:25834 | P | Security update for the Linux Kernel (Important) | 2020-12-01
    oval:org.opensuse.security:def:64375 | P | libpython2_7-1_0 on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:63825 | P | Security update for ucode-intel (Important) | 2020-12-01
    oval:org.opensuse.security:def:25262 | P | Security update for spamassassin (Important) | 2020-12-01
    oval:org.opensuse.security:def:25790 | P | Security update for flash-player (Important) | 2020-12-01
    oval:org.opensuse.security:def:25058 | P | Security update for gdb (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:64398 | P | libvirt-libs on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:64239 | P | dhcp on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25134 | P | Security update for apache2 (Important) | 2020-12-01
    oval:org.opensuse.security:def:74612 | P | Security update for dpdk (Critical) | 2020-12-01
    oval:org.opensuse.security:def:25776 | P | Security update for flash-player (Critical) | 2020-12-01
    oval:org.opensuse.security:def:25688 | P | Security update for systemd (Important) | 2020-12-01
    oval:org.opensuse.security:def:63910 | P | Security update for ovmf (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:74830 | P | Security update for cacti, cacti-spine (Important) | 2020-12-01
    oval:org.opensuse.security:def:25070 | P | Security update for xen (Important) | 2020-12-01
    oval:org.opensuse.security:def:25635 | P | Security update for tigervnc (Critical) | 2020-12-01
    oval:org.opensuse.security:def:63681 | P | Security update for qemu (Important) | 2020-12-01
    oval:org.opensuse.security:def:25059 | P | Security update for apache2-mod_auth_openidc (Important) | 2020-12-01
    oval:org.opensuse.security:def:64291 | P | lftp on GA media (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:25484 | P | Security update for libqt4 (Moderate) | 2020-12-01
    oval:org.opensuse.security:def:110492 | P | Security update for cacti, cacti-spine (Important) | 2020-04-27
    oval:org.opensuse.security:def:110407 | P | Security update for cacti, cacti-spine (Important) | 2020-03-01
    oval:org.mitre.oval:def:6983 | P | DSA-1954 cacti -- insufficient input sanitising | 2014-06-23
    oval:org.mitre.oval:def:13514 | P | DSA-1954-1 cacti -- insufficient input sanitising | 2014-06-23