Vulnerability CVE-2019-17358

Vulnerability Name:

CVE-2019-17358 (CCN-173568)

Assigned:

2019-10-13

Published:

2019-10-13

Updated:

2020-08-24

Summary:

Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module.

CVSS v3 Severity:

8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)
7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): High

8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

5.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-787
CWE-502

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2019-17358

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2020:0272

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2020:0284

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2020:0558

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2020:0565

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=CVE-2019-17358

Source: XF
Type: UNKNOWN
cacti-cve201917358-sec-bypass(173568)

Source: MISC
Type: Exploit, Third Party Advisory
https://github.com/Cacti/cacti/blob/79f29cddb5eb05cbaff486cd634285ef1fed9326/lib/functions.php#L3109

Source: MISC
Type: Product, Third Party Advisory
https://github.com/Cacti/cacti/commit/adf221344359f5b02b8aed43dfb6b33ae5d708c8

Source: CCN
Type: cacti GIT Repository
When deserializating data, ensure basic sanitization has been performed #3026

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://github.com/Cacti/cacti/issues/3026

Source: MISC
Type: Mailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/12/msg00014.html

Source: MISC
Type: Third Party Advisory
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17358.html

Source: BUGTRAQ
Type: UNKNOWN
20200120 [SECURITY] [DSA 4604-1] cacti security update

Source: GENTOO
Type: UNKNOWN
GLSA-202003-40

Source: MISC
Type: Not Applicable
https://www.darkmatter.ae/xen1thlabs/

Source: DEBIAN
Type: UNKNOWN
DSA-4604

Vulnerable Configuration:

Configuration 1:

cpe:/a:cacti:cacti:*:*:*:*:*:*:*:* (Version <= 1.2.7)

Configuration 2:

cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:opensuse:leap:42.3:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:cacti:cacti:1.2.7:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:201917358	V	CVE-2019-17358	2022-06-30
oval:org.opensuse.security:def:112039	P	cacti-1.2.18-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:64643	P	Security update for kernel-firmware (Low)	2021-12-30
oval:org.opensuse.security:def:74745	P	Security update for the Linux Kernel (Important)	2021-11-16
oval:org.opensuse.security:def:64585	P	Security update for libcryptopp (Moderate)	2021-10-06
oval:org.opensuse.security:def:105594	P	cacti-1.2.18-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:63246	P	xen-4.12.0_12-1.1 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:64755	P	Security update for spectre-meltdown-checker (Moderate)	2021-08-27
oval:org.opensuse.security:def:64558	P	Security update for fetchmail (Moderate)	2021-08-20
oval:org.opensuse.security:def:93574	P	(Important)	2021-08-12
oval:org.opensuse.security:def:63449	P	postgresql-test-12-2.2 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63331	P	grub2-x86_64-xen-2.04-20.4 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:62747	P	gd-2.2.5-9.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62743	P	fontforge-20200314-3.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62832	P	texlive-collection-basic-2017.135.svn41616-9.12.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62775	P	libass-devel-0.14.0-3.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62828	P	rtkit-0.11+git.20130926-1.34 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63038	P	perl-doc-5.26.1-15.87 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62750	P	gnome-autoar-devel-0.2.3-3.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62835	P	vorbis-tools-1.4.0-1.53 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100311	P	(Moderate)	2021-07-20
oval:org.opensuse.security:def:63534	P	freerdp-2.0.0~rc2-1.8 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:62860	P	libtidy-devel-5.4.0-1.34 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:100287	P	(Important)	2021-06-02
oval:org.opensuse.security:def:64500	P	Recommended update for grub2 (Moderate)	2021-05-19
oval:org.opensuse.security:def:64483	P	Security update for webkit2gtk3 (Important)	2021-04-29
oval:org.opensuse.security:def:64670	P	Security update for nghttp2 (Important)	2021-03-24
oval:org.opensuse.security:def:93598	P	(Important)	2021-03-24
oval:org.opensuse.security:def:74697	P	Security update for git (Important)	2021-03-09
oval:org.opensuse.security:def:62953	P	gradle-4.4.1-1.87 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63596	P	libwmf-0_2-7-0.2.8.4-2.30 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:74830	P	Security update for cacti, cacti-spine (Important)	2020-12-01
oval:org.opensuse.security:def:25070	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25635	P	Security update for tigervnc (Critical)	2020-12-01
oval:org.opensuse.security:def:63681	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:25059	P	Security update for apache2-mod_auth_openidc (Important)	2020-12-01
oval:org.opensuse.security:def:64291	P	lftp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25484	P	Security update for libqt4 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26507	P	Security update for cacti, cacti-spine (Important)	2020-12-01
oval:org.opensuse.security:def:64290	P	less on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25400	P	Security update for bcm43xx-firmware (Moderate)	2020-12-01
oval:org.opensuse.security:def:26472	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:64376	P	libpython3_6m1_0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64154	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25343	P	Security update for kernel-firmware (Important)	2020-12-01
oval:org.opensuse.security:def:25834	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:64375	P	libpython2_7-1_0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:63825	P	Security update for ucode-intel (Important)	2020-12-01
oval:org.opensuse.security:def:25262	P	Security update for spamassassin (Important)	2020-12-01
oval:org.opensuse.security:def:25790	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:25058	P	Security update for gdb (Moderate)	2020-12-01
oval:org.opensuse.security:def:64398	P	libvirt-libs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64239	P	dhcp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25134	P	Security update for apache2 (Important)	2020-12-01
oval:org.opensuse.security:def:74612	P	Security update for dpdk (Critical)	2020-12-01
oval:org.opensuse.security:def:25776	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:25688	P	Security update for systemd (Important)	2020-12-01
oval:org.opensuse.security:def:63910	P	Security update for ovmf (Moderate)	2020-12-01
oval:org.opensuse.security:def:110492	P	Security update for cacti, cacti-spine (Important)	2020-04-27
oval:org.opensuse.security:def:110407	P	Security update for cacti, cacti-spine (Important)	2020-03-01
oval:com.ubuntu.disco:def:2019173580000000	V	CVE-2019-17358 on Ubuntu 19.04 (disco) - medium.	2019-12-12
oval:com.ubuntu.bionic:def:2019173580000000	V	CVE-2019-17358 on Ubuntu 18.04 LTS (bionic) - medium.	2019-12-12
oval:com.ubuntu.xenial:def:2019173580000000	V	CVE-2019-17358 on Ubuntu 16.04 LTS (xenial) - medium.	2019-12-12

BACK