CISA Adds Cacti Vulnerability to Known Exploited Vulnerabilities Catalog
The Cacti Command Injection Vulnerability allows unauthenticated users to execute arbitrary code on a server that runs the Cacti open-source platform. Specifically, it allows hackers to retrieve the client’s internet protocol address by bypassing authentication processes.
The vulnerability is often used by malicious actors and could cause significant harm to federal agencies, CISA said Thursday.
Organizations have until March 9 to fix the vulnerability.
The Known Exploited Vulnerabilities Catalog was established through CISA’s Binding Operational Directive 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities. Under BOD 22-01, all Federal Civilian Executive Branch (FCEB) agencies are required to address known vulnerabilities by the due date.
While BOD 22-01 is binding only on FCEB agencies, CISA urges all organizations to remediate vulnerabilities to reduce their exposure to cyberattacks.