CVE-2020-8813 Scanner

Cacti software is an open-source network monitoring and graphing tool designed to track and analyze different types of network data. The product features a web-based front end and provides various functions such as data visualization, data collection, and reporting. It is widely used by IT professionals, network administrators, and system administrators to identify and troubleshoot network issues, detect potential bottlenecks, and optimize overall network performance.

CVE-2020-8813 is a vulnerability that was recently detected in Cacti 1.2.8, which allows remote attackers to execute arbitrary OS commands through shell metacharacters in a cookie. This vulnerability can be exploited by guest users with graph real-time privilege, allowing remote attackers to penetrate the network and take unauthorized control of the system.

When exploited, this vulnerability can lead to severe consequences, such as unauthorized data access, system crashes, and loss of sensitive information. Attackers can also use this to model future attack vectors that could potentially compromise the entire network as well. As a result, it is essential to take immediate action to protect against this type of vulnerability.

In conclusion, security is a top concern in today's increasingly digital world, and it is crucial to stay up-to-date with the latest security vulnerabilities. By utilizing the securityforeveryone.com platform, users can easily and quickly learn about any vulnerabilities in their digital assets, thanks to the platform's pro features. As such, it is essential to note the importance of staying aware of such platforms to ensure maximum security for your digital assets.

REFERENCES

• http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html
• http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html
• http://packetstormsecurity.com/files/156537/Cacti-1.2.8-Unauthenticated-Remote-Code-Execution.html
• http://packetstormsecurity.com/files/156538/Cacti-1.2.8-Authenticated-Remote-Code-Execution.html
• http://packetstormsecurity.com/files/156593/Cacti-1.2.8-Unauthenticated-Remote-Code-Execution.html
• http://packetstormsecurity.com/files/157477/Open-AudIT-Professional-3.3.1-Remote-Code-Execution.html
• https://drive.google.com/file/d/1A8hxTyk_NgSp04zPX-23nPbsSDeyDFio/view
• https://gist.github.com/mhaskar/ebe6b74c32fd0f7e1eedf1aabfd44129
• https://github.com/Cacti/cacti/issues/3285
• https://github.com/Cacti/cacti/releases
• https://lists.fedoraproject.org/archives/list/[email protected]/message/M77SS33IDVNGBU566TK2XVULPW3RXUQ4/
• https://lists.fedoraproject.org/archives/list/[email protected]/message/WAX3LDXPIKWNBGVZSIMZV7LI5K6BZRTO/
• https://lists.fedoraproject.org/archives/list/[email protected]/message/XEMDQXDRNQYXOME7TACKDVCXZXZNGZE2/
• https://security.gentoo.org/glsa/202004-16
• https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/