CVE-2024-45598 in Cacti

Summary

by MITRE • 01/27/2025

Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file inside the server. Then simply going to Logs tab and selecting the name of the local file will show its content on the web UI. This vulnerability is fixed in 1.2.29.


Analysis

by VulDB Data Team • 02/11/2025

The vulnerability identified as CVE-2024-45598 affects Cacti, an open source performance and fault management framework widely used for network monitoring and system performance tracking. This issue represents a critical information disclosure vulnerability that allows authenticated administrators to access arbitrary local files on the server through the web interface. The flaw exists in versions prior to 1.2.29, making installations within this range particularly susceptible to unauthorized file access. The vulnerability stems from insufficient input validation and access control mechanisms within the application's logging and file path handling components.

The technical implementation of this vulnerability exploits the configuration parameter `Poller Standard Error Log Path` which can be manipulated by administrators during the installation process or through the Configuration->Settings->Paths interface. When an administrator modifies this parameter to point to a local file within the server's filesystem, the application fails to properly validate or sanitize the file path input. Subsequently, when users navigate to the Logs tab and select the specified local file name, the web application directly serves the file contents without proper authorization checks or path validation. This creates a path traversal scenario where arbitrary local file content becomes accessible through the web interface, potentially exposing sensitive system information, configuration files, or application data.

The operational impact of this vulnerability extends beyond simple information disclosure as it enables attackers with administrator credentials to potentially access critical system files that may contain sensitive data such as database credentials, application configuration details, or system-level information. The vulnerability is particularly concerning because it leverages legitimate administrative functionality to achieve unauthorized file access, making detection more challenging. According to CWE-22, this vulnerability maps to path traversal flaws where improper input validation allows access to unintended files and directories. The attack pattern aligns with ATT&CK technique T1213.002 for Data from Information Repositories, as it enables extraction of sensitive data through compromised administrative access. Organizations using Cacti versions prior to 1.2.29 face significant risk of exposure to system-level information that could aid in further exploitation or compromise of the monitored infrastructure.

The recommended mitigation strategy involves an immediate upgrade to Cacti version 1.2.29 or later, which includes proper input validation and access control measures for file path parameters. Administrators should also apply the principle of least privilege to administrative accounts and regularly audit configuration changes to detect unauthorized modifications to path parameters. Additional protective measures include deploying web application firewalls to monitor for suspicious file access patterns and conducting regular security assessments of the monitoring infrastructure. Organizations should also consider restricting direct file system access and logging administrative activities so that potential exploitation attempts can be detected. The vulnerability highlights the importance of validating all user-supplied input in web applications and demonstrates how seemingly benign configuration options can become attack vectors when proper sanitization and access controls are not implemented.
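The validation the analysis calls for, as an added example that is not Cacti's own code: a generic Python check that canonicalises an administrator-supplied log path setting (such as the `Poller Standard Error Log Path` described above) with `os.path.realpath` and accepts it only when it still lies inside a fixed log directory, plus an audit helper that re-checks stored path settings for values that escape that directory. The directory layout, file names and setting keys are constructed for the demonstration and are not Cacti's real setting names or paths.

```python
"""Allowlist check for an administrator-supplied log path setting.

Added example (not Cacti's own code). The directory tree, file names and
setting keys used below are constructed for the demonstration.
"""
import os
import tempfile
from pathlib import Path


def is_within(path: Path, allowed_dir: Path) -> bool:
    """True if `path` (already canonicalised) is allowed_dir or a descendant of it."""
    try:
        path.relative_to(allowed_dir)
        return True
    except ValueError:
        return False


def validate_log_path(candidate: str, allowed_dir) -> Path:
    """Canonicalise `candidate` and accept it only if it stays inside allowed_dir.

    os.path.realpath follows symlinks and collapses '..' segments, so a value
    that merely looks local (or a symlink planted inside the log directory)
    is judged by where it actually points. Raises ValueError otherwise.
    """
    if not candidate or "\x00" in candidate:
        raise ValueError("empty path or embedded NUL byte")
    allowed_real = Path(os.path.realpath(allowed_dir))
    # os.path.join drops allowed_real when candidate is absolute, which is
    # what we want: an absolute value is then checked on its own.
    target = Path(os.path.realpath(os.path.join(allowed_real, candidate)))
    if not is_within(target, allowed_real):
        raise ValueError(f"log path {candidate!r} resolves outside {allowed_real}")
    if target.suffix != ".log":
        raise ValueError("log path must end in .log")
    return target


def audit_path_settings(settings: dict, allowed_dir) -> list:
    """Return the names of stored path settings whose value escapes allowed_dir.

    Intended for the periodic configuration review the analysis recommends.
    """
    flagged = []
    for name, value in settings.items():
        try:
            validate_log_path(value, allowed_dir)
        except ValueError:
            flagged.append(name)
    return flagged


def demo() -> dict:
    """Exercise the checks on a constructed directory tree and report results."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        log_dir = root / "log"
        log_dir.mkdir()
        secret = root / "secret.txt"  # constructed stand-in for a sensitive file
        secret.write_text("not for the web UI")
        # A symlink inside the log directory that points outside it.
        (log_dir / "innocent.log").symlink_to(secret)

        results = {"plain": validate_log_path("poller-error.log", log_dir).name}
        for label, value in [
            ("absolute_outside", str(secret)),
            ("dotdot", "../secret.txt"),
            ("symlink_out", "innocent.log"),
        ]:
            try:
                validate_log_path(value, log_dir)
                results[label] = "accepted"
            except ValueError:
                results[label] = "rejected"

        # Constructed setting keys, as an audit would read them from a settings store.
        settings = {
            "poller_stderr_log_path": str(log_dir / "poller-error.log"),
            "main_log_path": str(log_dir / "cacti.log"),
            "tampered_path": str(secret),
        }
        results["audit"] = audit_path_settings(settings, log_dir)
        return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The containment check is done on the canonical path rather than on the string the administrator typed, so a relative value, a `..` segment or a symlink are all judged by the file they end up pointing at; the same function serves both the write path (reject the setting before storing it) and the audit path (re-check what is already stored).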

Responsible: GitHub M

Reservation: 09/02/2024

Disclosure: 01/27/2025

Moderation: accepted

CPE: ready

EPSS: 0.02942

KEV: no

Activities: very low
