A security bug spotted in Cacti software is putting thousands of devices at risk – most of them being used in enterprises, thus compromising the safety of whole organizations.
Though the developer has released a patch for the bug, it is still up to the system admins running Cacti to update in order to stay secure. Security researchers have noted a rise in exploitation of this bug in the wild, which is pushing users to update the software immediately.
Security Bug in Cacti Software
For those unfamiliar with it, Cacti is a device monitoring tool used for operational and fault management. While it is mostly used by corporations as a remote management solution, individuals can try it too because of its graphical interface, which makes it simple to use.
Last month, a security advisory appeared warning Cacti users of a critical vulnerability in the software, tracked as CVE-2022-46169, that can let attackers gain access to a system without authentication.
Being a critical command injection vulnerability, the Cacti bug has been given a severity score of 9.8/10, and the developer released a patch for it immediately. Yet it is the system admins running the software who must apply that patch to be safe.
As per a Censys report, there are currently over 6,400 Cacti hosts exposed on the web. While Censys was unable to determine how many of them are running a vulnerable version, an estimate put the number at 1,637 Cacti hosts exposed to the web and running a version affected by CVE-2022-46169.
Attackers exploiting them can gain access to the underlying systems and data, such as the types of devices on the network and their local IP addresses, which helps them stage further attacks.
As we urge system admins to update their software immediately, security researchers say they see exploitation of vulnerable Cacti devices on the rise, especially after SonarSource, a cybersecurity company, shared a technical write-up of the bug and a short video demonstrating its mechanism.
Attackers have been seen installing botnets such as the Mirai malware and a PERL-based IRC botnet, which open a reverse shell on the host.