CVE-2022-48538

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Aug 22, 2023
Updated: Aug 28, 2023
CWE ID 863

Summary

CVE-2022-48538 is a vulnerability affecting Cacti version 1.2.19. This issue involves an authentication bypass in the web login functionality due to insufficient validation in the cacti_ldap_auth() PHP function. An attacker can exploit this flaw by providing a zero as the password, thereby gaining unauthorized access to the system. This vulnerability poses a significant risk to security, as it allows unauthenticated users to bypass the login process and potentially access sensitive information. It is recommended that users update their Cacti installation to a patched version as soon as possible to mitigate this threat.
