CVE-2024-45598

CVSS 3.1 Score 6 of 10 (medium)

Details

Published Jan 27, 2025

CWE ID 22

Summary

CVE-2024-45598 is a vulnerability affecting the open source performance and fault management framework, Cacti, prior to version 1.2.29. This issue allows an administrator to modify the "Poller Standard Error Log Path" parameter to a local file, which can then be viewed on the web UI by accessing the Logs tab and selecting the name of the local file. This security flaw could potentially expose sensitive information to unauthorized users. The vulnerability is mitigated by upgrading to Cacti version 1.2.29.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Cacti

Affected Vendors

Cacti

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/ySMIFk
https://www.cve.org/CVERecord?id=CVE-2024-45598
https://nvd.nist.gov/vuln/detail/CVE-2024-45598

Back to Vulnerability Database