Vulnerability CVE-2020-35701

Vulnerability Name:

CVE-2020-35701 (CCN-194524)

Assigned:

2020-12-24

Published:

2020-12-24

Updated:

2021-05-21

Summary:

An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution.

CVSS v3 Severity:

8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

6.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
5.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:R)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-89

Vulnerability Consequences:

Data Manipulation

References:

Source: MITRE
Type: CNA
CVE-2020-35701

Source: MISC
Type: Exploit, Third Party Advisory
https://asaf.me/2020/12/15/cacti-1-2-0-to-1-2-16-sql-injection/

Source: XF
Type: UNKNOWN
cacti-cve202035701-sql-injection(194524)

Source: CCN
Type: Cacti GIT Repository
SQL Injection vulnerability due to input validation errors when diagnosing datasources (CVE-2020-35701) #4022

Source: MISC
Type: Third Party Advisory
https://github.com/Cacti/cacti/issues/4022

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-598b6d2924

Source: FEDORA
Type: Third Party Advisory
FEDORA-2021-0e0fd08e44

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-6dfba2aabf

Source: GENTOO
Type: Third Party Advisory
GLSA-202101-31

Source: CCN
Type: Cacti Web site
Cacti

Vulnerable Configuration:

Configuration 1:

cpe:/a:cacti:cacti:*:*:*:*:*:*:*:* (Version >= 1.2.0 and <= 1.2.16)

Configuration 2:

cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:112039	P	cacti-1.2.18-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:105594	P	cacti-1.2.18-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:103176	P	Security update for cacti, cacti-spine (Important)	2021-05-24
oval:org.opensuse.security:def:11219	P	Security update for cacti, cacti-spine (Important)	2021-05-24
oval:org.opensuse.security:def:96486	P	Security update for cacti, cacti-spine (Important)	2021-05-24
oval:org.opensuse.security:def:109833	P	Security update for cacti, cacti-spine (Important)	2021-05-24
oval:org.opensuse.security:def:35513	P	Security update for cacti, cacti-spine (Important)	2021-05-20
oval:org.opensuse.security:def:111391	P	Security update for cacti, cacti-spine (Important)	2021-05-20

BACK