Vulnerability Details CVE-2009-4112
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.084
EPSS Ranking 91.9%
CVSS Severity
CVSS v2 Score 9.0
References
- http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0292.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html
- http://www.openwall.com/lists/oss-security/2009/11/26/1
- http://www.openwall.com/lists/oss-security/2009/11/30/2
- http://www.securityfocus.com/archive/1/508129/100/0/threaded
- http://www.securityfocus.com/bid/37137
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54473
- http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0292.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html
- http://www.openwall.com/lists/oss-security/2009/11/26/1
- http://www.openwall.com/lists/oss-security/2009/11/30/2
- http://www.securityfocus.com/archive/1/508129/100/0/threaded
- http://www.securityfocus.com/bid/37137
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54473
Products affected by CVE-2009-4112
-
cpe:2.3:a:cacti:cacti:-
-
cpe:2.3:a:cacti:cacti:0.6.7
-
cpe:2.3:a:cacti:cacti:0.8
-
cpe:2.3:a:cacti:cacti:0.8.1
-
cpe:2.3:a:cacti:cacti:0.8.2
-
cpe:2.3:a:cacti:cacti:0.8.2a
-
cpe:2.3:a:cacti:cacti:0.8.3
-
cpe:2.3:a:cacti:cacti:0.8.3a
-
cpe:2.3:a:cacti:cacti:0.8.4
-
cpe:2.3:a:cacti:cacti:0.8.5
-
cpe:2.3:a:cacti:cacti:0.8.5a
-
cpe:2.3:a:cacti:cacti:0.8.6
-
cpe:2.3:a:cacti:cacti:0.8.6a
-
cpe:2.3:a:cacti:cacti:0.8.6b
-
cpe:2.3:a:cacti:cacti:0.8.6c
-
cpe:2.3:a:cacti:cacti:0.8.6d
-
cpe:2.3:a:cacti:cacti:0.8.6e
-
cpe:2.3:a:cacti:cacti:0.8.6f
-
cpe:2.3:a:cacti:cacti:0.8.6g
-
cpe:2.3:a:cacti:cacti:0.8.6h
-
cpe:2.3:a:cacti:cacti:0.8.6i
-
cpe:2.3:a:cacti:cacti:0.8.6j
-
cpe:2.3:a:cacti:cacti:0.8.6k
-
cpe:2.3:a:cacti:cacti:0.8.7
-
cpe:2.3:a:cacti:cacti:0.8.7a
-
cpe:2.3:a:cacti:cacti:0.8.7b
-
cpe:2.3:a:cacti:cacti:0.8.7c
-
cpe:2.3:a:cacti:cacti:0.8.7d
-
cpe:2.3:a:cacti:cacti:0.8.7e