HTTP: Cacti Performance Boost Debug Log Remote Command Execution

This signature detects attempts to exploit a known vulnerability against Cacti. A successful attack can lead to arbitrary code execution.

Extended Description

Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product.

Affected Products

Cacti cacti

References

CVE: CVE-2020-7237

Short Name: HTTP:PHP:CACTI-BOOST-DEBUG-RCE
Severity: Major
Recommended: True
Recommended Action: Drop
Category: HTTP
Keywords: Boost CVE-2020-7237 Cacti Command Debug Execution Log Performance Remote
Release Date: 03/25/2023
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3583
False Positive: Unknown
Vendors

Cacti
