Vulnerability CVE-2019-11025

Vulnerability Name:

CVE-2019-11025 (CCN-159912)

Assigned:

2019-03-28

Published:

2019-03-28

Updated:

2022-05-24

Summary:

In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS.

CVSS v3 Severity:

5.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

5.4 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-79

Vulnerability Consequences:

Cross-Site Scripting

References:

Source: MITRE
Type: CNA
CVE-2019-11025

Source: XF
Type: UNKNOWN
cacti-cve201911025-xss(159912)

Source: MISC
Type: Release Notes, Third Party Advisory
https://github.com/Cacti/cacti/compare/6ea486a...99995bb

Source: CCN
Type: Cacti GIT Repository
When viewing poller cache, Device SNMP community is not properly escaped #2581

Source: MISC
Type: Exploit, Issue Tracking, Third Party Advisory
https://github.com/Cacti/cacti/issues/2581

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20190416 [SECURITY] [DLA 1757-1] cacti security update

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20220329 [SECURITY] [DLA 2965-1] cacti security update

Vulnerable Configuration:

Configuration 1:

cpe:/a:cacti:cacti:*:*:*:*:*:*:*:* (Version < 1.2.3)

Configuration 2:

cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.ubuntu.disco:def:2019110250000000	V	CVE-2019-11025 on Ubuntu 19.04 (disco) - medium.	2019-04-08
oval:com.ubuntu.cosmic:def:201911025000	V	CVE-2019-11025 on Ubuntu 18.10 (cosmic) - medium.	2019-04-08
oval:com.ubuntu.cosmic:def:2019110250000000	V	CVE-2019-11025 on Ubuntu 18.10 (cosmic) - medium.	2019-04-08
oval:com.ubuntu.bionic:def:201911025000	V	CVE-2019-11025 on Ubuntu 18.04 LTS (bionic) - medium.	2019-04-08
oval:com.ubuntu.bionic:def:2019110250000000	V	CVE-2019-11025 on Ubuntu 18.04 LTS (bionic) - medium.	2019-04-08
oval:com.ubuntu.xenial:def:201911025000	V	CVE-2019-11025 on Ubuntu 16.04 LTS (xenial) - medium.	2019-04-08
oval:com.ubuntu.xenial:def:2019110250000000	V	CVE-2019-11025 on Ubuntu 16.04 LTS (xenial) - medium.	2019-04-08
oval:com.ubuntu.trusty:def:201911025000	V	CVE-2019-11025 on Ubuntu 14.04 LTS (trusty) - medium.	2019-04-08

BACK