CVE-2019-11025
Published: 8 April 2019
In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS.
From the Ubuntu Security Team
It was discovered that Cacti doesn't properly handles the value of some SNMP Options strings. An attacker could use it to do XSS and cause a Denial of Service or code execution.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
cacti Launchpad, Ubuntu, Debian |
bionic |
Needed
|
| cosmic |
Ignored
(end of life)
|
|
| disco |
Not vulnerable
(1.2.2+ds1-2)
|
|
| eoan |
Not vulnerable
(1.2.2+ds1-2)
|
|
| focal |
Not vulnerable
(1.2.2+ds1-2)
|
|
| groovy |
Not vulnerable
(1.2.2+ds1-2)
|
|
| hirsute |
Not vulnerable
(1.2.2+ds1-2)
|
|
| impish |
Not vulnerable
(1.2.2+ds1-2)
|
|
| jammy |
Not vulnerable
(1.2.2+ds1-2)
|
|
| kinetic |
Not vulnerable
(1.2.2+ds1-2)
|
|
| lunar |
Not vulnerable
(1.2.2+ds1-2)
|
|
| mantic |
Not vulnerable
(1.2.2+ds1-2)
|
|
| trusty |
Released
(0.8.8b+dfsg-5ubuntu0.2+esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| upstream |
Released
(1.2.2+ds1-2)
|
|
| xenial |
Needed
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.4 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | Required |
| Scope | Changed |
| Confidentiality | Low |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |