module
Cacti Import Packages RCE
| Disclosed | Created |
|---|---|
| 05/12/2024 | 06/13/2024 |
Disclosed
05/12/2024
Created
06/13/2024
Description
This exploit module leverages an arbitrary file write vulnerability
(CVE-2024-25641) in Cacti versions prior to 1.2.27 to achieve RCE. It
abuses the `Import Packages` feature to upload a specially crafted
package that embeds a PHP file. Cacti will extract this file to an
accessible location. The module finally triggers the payload to execute
arbitrary PHP code in the context of the user running the web server.
Authentication is needed and the account must have access to the
`Import Packages` feature. This is granted by setting the `Import
Templates` permission in the `Template Editor` section.
(CVE-2024-25641) in Cacti versions prior to 1.2.27 to achieve RCE. It
abuses the `Import Packages` feature to upload a specially crafted
package that embeds a PHP file. Cacti will extract this file to an
accessible location. The module finally triggers the payload to execute
arbitrary PHP code in the context of the user running the web server.
Authentication is needed and the account must have access to the
`Import Packages` feature. This is granted by setting the `Import
Templates` permission in the `Template Editor` section.
Authors
Egidio RomanoChristophe De La Fuente
Platform
Windows
Architectures
php, cmd
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use exploit/multi/http/cacti_package_import_rce
msf /(e) > show actions
...actions...
msf /(e) > set ACTION < action-name >
msf /(e) > show options
...show and set options...
msf /(e) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.