CVE-2022-46169

Cacti v1.2.22 - Remote Command Execution

Cacti v1.2.22 - Remote Command Execution - API

Vulnerability --> two vulnerabilities are chained together to achieve Pre-auth command injection or Pre-auth RCE. More about Cacti:

🌵Cacti

Score: CVSS v2.0: N/A // CVSS v3.x: 9.8

Shows on:

• HTB-MonitorsTwo

POC:

Cacti v1.2.22 - Remote Command Execution (RCE)Exploit Database

POC:

GitHub - N1arut/CVE-2022-46169_POC: RCE POC for CVE-2022-46169GitHub

POC:

GitHub - ariyaadinatha/cacti-cve-2022-46169-exploit: This is poc of CVE-2022-46169 authentication bypass and remote code executionGitHub

Resources:

Unauthenticated RCE in Cacti - CVE-2022-46169 - Defense.One

Cacti: Unauthenticated Remote Code ExecutionSonarSource