CISA Adds Cacti Vulnerability to Known Exploited Vulnerabilities Catalog

The Cybersecurity and Infrastructure Security Agency has added a cyber vulnerability to its Known Exploited Vulnerabilities Catalog.

The Cacti Command Injection Vulnerability allows unauthenticated users to execute arbitrary code on a server that runs the Cacti open-source platform. Specifically, it allows hackers to retrieve the client’s internet protocol address by bypassing authentication processes.

The vulnerability is often used by malicious actors and could cause significant harm to federal agencies, CISA said Thursday.

Organizations have until March 9 to fix the vulnerability.

The Known Exploited Vulnerabilities Catalog was established through CISA’s Binding Operational Directive 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities. Under BOD 22-01, all Federal Civilian Executive Branch are required to address known vulnerabilities by the due date.

While BOD 22-01 is only required for the FCEB, CISA urges all organizations to remediate vulnerabilities to reduce their exposure to cyberattacks.

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Cybersecurity

Join Us Now