CVE-2023-49088 - Vulnerability Details

Vendors	Products
Cacti	Cacti

Link	Providers
https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php
https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h
https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x
https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-49088", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-11-21T18:57:30.429Z", "datePublished": "2023-12-22T16:16:53.348Z", "dateUpdated": "2025-02-13T17:18:33.056Z"}, "containers": {"cna": {"title": "Cacti has incomplete fix for CVE-2023-39515", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x"}, {"name": "https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h", "tags": ["x_refsource_MISC"], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h"}, {"name": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php", "tags": ["x_refsource_MISC"], "url": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"}], "affected": [{"vendor": "Cacti", "product": "cacti", "versions": [{"version": "<= 1.2.25", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-06-10T16:09:32.324Z"}, "descriptions": [{"lang": "en", "value": "Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in `data_debug.php`. To perform the cross-site scripting attack, the adversary needs to be an authorized cacti user with the following permissions: `General Administration>Sites/Devices/Data`. The victim of this attack could be any account with permissions to view `http://<HOST>/cacti/data_debug.php`. As of time of publication, no complete fix has been included in Cacti."}], "source": {"advisory": "GHSA-q7g7-gcf6-wh4x", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:46:29.327Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x"}, {"name": "https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h"}, {"name": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*", "matchCriteriaId": "11743AE1-4C92-47E9-BDA5-764FE3984CE8", "versionEndExcluding": "1.2.25", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in `data_debug.php`. To perform the cross-site scripting attack, the adversary needs to be an authorized cacti user with the following permissions: `General Administration>Sites/Devices/Data`. The victim of this attack could be any account with permissions to view `http://<HOST>/cacti/data_debug.php`. As of time of publication, no complete fix has been included in Cacti."}, {"lang": "es", "value": "Cacti es un framework de gesti\u00f3n de fallos y monitoreo operativo de c\u00f3digo abierto. La soluci\u00f3n aplicada para CVE-2023-39515 en la versi\u00f3n 1.2.25 est\u00e1 incompleta, ya que permite que un adversario haga que el navegador de la v\u00edctima ejecute c\u00f3digo malicioso cuando un usuario v\u00edctima pasa el mouse sobre la ruta de la fuente de datos maliciosa en `data_debug.php`. Para realizar el ataque de cross-site scripting, el adversario debe ser un usuario de Cacti autorizado con los siguientes permisos: `General Administration>Sites/Devices/Data`. La v\u00edctima de este ataque podr\u00eda ser cualquier cuenta con permisos para ver `http:///cacti/data_debug.php`. Al momento de la publicaci\u00f3n, no se ha incluido ninguna soluci\u00f3n completa en Cacti."}], "id": "CVE-2023-49088", "lastModified": "2024-11-21T08:32:47.840", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-22T17:15:08.247", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x"}, {"source": "security-advisories@github.com", "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object