Cacti Unauthenticated Command Injection (CVE-2022-46169) - Vulnerability Database

Cacti Unauthenticated Command Injection (CVE-2022-46169)

Description

Cacti versions prior to 1.2.23 contain a critical authorization bypass vulnerability in the remote polling agent functionality. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted HTTP request to execute arbitrary operating system commands on the server. This vulnerability exists due to insufficient validation of user-supplied input in the remote agent component, allowing attackers to bypass authentication mechanisms entirely.

Remediation

Apply the following remediation steps immediately:

1. Upgrade Cacti to version 1.2.23 or later, which contains patches for CVE-2022-46169
2. If immediate patching is not possible, disable remote polling agent functionality until the upgrade can be completed
3. Implement network-level access controls to restrict access to the Cacti web interface to trusted IP addresses only
4. Review system logs for any suspicious activity or unauthorized command execution that may have occurred prior to patching
5. After upgrading, verify the installation by checking the version number in the Cacti console and confirming that remote agent requests require proper authentication
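The following helper script is an added example for steps 3 to 5; it is not code from Invicti or from the Cacti project. It checks a reported Cacti version string against the fixed version (1.2.23), and triages access-log lines for requests to the remote polling agent endpoint that came from outside a trusted address range. The endpoint path `AGENT_PATH` is a placeholder you must replace with the actual path of your deployment, and the log lines are constructed sample data in the common Apache/nginx combined format.

```python
"""Post-remediation checks for CVE-2022-46169 in Cacti.

Added example, not Invicti or Cacti code. Assumptions not taken from the advisory:
  - AGENT_PATH is a placeholder for the remote polling agent URL path; replace it
    with the real path used by your Cacti installation.
  - Access logs are in the Apache/nginx "combined" format.
"""
import ipaddress
import re
from typing import Iterable, List, Tuple

# First release containing the fix, as stated in the advisory.
FIXED_VERSION = (1, 2, 23)

# PLACEHOLDER: the remote polling agent endpoint of your deployment (assumption).
AGENT_PATH = "/REMOTE_AGENT_ENDPOINT_PLACEHOLDER"

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")

# Combined log format: ip ident user [time] "METHOD path proto" status size ...
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Extract an x.y.z triple from strings such as 'Cacti 1.2.22' or 'v1.2.24-beta'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def is_patched(version_text: str) -> bool:
    """True when the reported version is 1.2.23 or later (step 5 of the remediation)."""
    return parse_version(version_text) >= FIXED_VERSION


def flag_agent_requests(
    lines: Iterable[str], trusted_nets: Iterable[str]
) -> List[Tuple[str, str, str, int]]:
    """Return (ip, timestamp, path, status) for agent-endpoint requests from
    addresses outside the trusted networks (steps 3 and 4).

    Untrusted sources that received a 2xx response deserve the closest look,
    but every hit is returned so the reviewer can judge 4xx/5xx attempts too.
    """
    nets = [ipaddress.ip_network(n, strict=False) for n in trusted_nets]
    hits: List[Tuple[str, str, str, int]] = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue  # skip malformed or non-combined lines rather than crash
        # Match the path component only; ignore any query string.
        path = m["path"].split("?", 1)[0]
        if path != AGENT_PATH:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # unparsable client address, skip
        if any(ip in n for n in nets):
            continue  # expected poller traffic from a trusted range
        hits.append((m["ip"], m["ts"], m["path"], int(m["status"])))
    return hits


# Constructed sample log lines (not real traffic); 10.0.0.0/8 is the trusted range.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2022:12:00:01 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [10/Dec/2022:12:00:02 +0000] "GET /REMOTE_AGENT_ENDPOINT_PLACEHOLDER?x=1 HTTP/1.1" 200 88 "-" "-"',
    '10.0.0.5 - - [10/Dec/2022:12:00:03 +0000] "GET /REMOTE_AGENT_ENDPOINT_PLACEHOLDER HTTP/1.1" 200 88 "-" "-"',
    '198.51.100.9 - - [10/Dec/2022:12:00:04 +0000] "POST /REMOTE_AGENT_ENDPOINT_PLACEHOLDER HTTP/1.1" 403 12 "-" "-"',
    'not a log line at all',
]

if __name__ == "__main__":
    for v in ("Cacti 1.2.22", "Cacti 1.2.23", "v1.3.0"):
        print(f"{v}: {'patched' if is_patched(v) else 'VULNERABLE, upgrade'}")
    for hit in flag_agent_requests(SAMPLE_LOG, ["10.0.0.0/8"]):
        print("review:", hit)
```

Run it against your own access log by feeding the file's lines to `flag_agent_requests` with the address ranges your pollers legitimately use; a 200 response to the agent endpoint from an untrusted address before the upgrade date is the record to investigate first.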

Related Vulnerabilities