Cacti Crisis: Severe Vulnerability Exploited in the Wild

16 January 2023 [NO.TCSA : 20230116-1-1-P]

PUBLISHED:
16 January 2023

A severe vulnerability in the Cacti open-source web-based monitoring solution, identified as CVE-2022-46169 with a CVSS score of 9.8, is being actively exploited in the wild. The vulnerability, which is a combination of authentication bypass and command injection, allows an unauthenticated user to execute arbitrary code on affected versions of the software. A significant number of internet-exposed Cacti servers have been found to be vulnerable to this exploit.

Affected Versions

  • Cacti versions 1.2.22 and below 

Mitigation

Users are strongly advised to test and upgrade to Cacti version 1.2.23 or 1.3.0 (or later), which have been patched to address this vulnerability. Additionally, it is recommended to regularly monitor the security of your systems and to apply security updates as soon as they become available.
