EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default/usr/sbin/sendmail) it is possible to execute any command, which will be executed when we make a test of the configuration ("send test mail").
References
Link | Resource |
---|---|
https://eyesofnetwork.com | Broken Link |
https://www.eyesofnetwork.com/en/news/vulnerabilite-cacti | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-06-30T10:41:32
Updated: 2022-06-30T10:41:32
Reserved: 2021-09-07T00:00:00
Link: CVE-2021-40643
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-06-30T11:15:07.990
Modified: 2022-07-11T18:35:07.713
Link: CVE-2021-40643
JSON object: View
Redhat Information
No data.
CWE