CVE-2023-39360 - Cacti Stored Cross-Site-Scripting (XSS) Vulnerability in Open-Source Monitoring Framework

Cacti, an open-source operational monitoring and fault management framework, is currently facing a security vulnerability due to a Stored Cross-Site-Scripting (XSS) issue. This vulnerability, identified as CVE-2023-39360, enables an authenticated user to poison data in affected versions of the platform. The issue was discovered in the graphs_new.php file that deals with the handling of the returnto parameter.

Affected Versions

The vulnerability has been found in Cacti versions up to and including 1.2.24. The solution to this issue has been provided in the latest version, 1.2.25. Users are strongly recommended to upgrade to this version to avoid experiencing any security risks.

Links to Original References

- Cacti Official Website
- Cacti GitHub Repository
- CVE-2023-39360 Details

Exploit Details

In the affected file graphs_new.php, several validations are performed, specifically related to the returnto parameter. However, this parameter is directly passed to form_save_button, making it susceptible to the Stored XSS vulnerability.

To bypass the validation process, the returnto parameter must contain host.php. This allows an authenticated user with malicious intent to poison data by injecting a crafted script as part of the input. Here is an example code snippet to demonstrate the issue:

if (!isempty_request_var('returnto')) {
    $returnto = basename(get_nfilter_request_var('returnto'));
    if (substr_count($returnto, 'host.php') || substr_count($returnto, 'graphs_new.php')) {
        form_save_button(get_nfilter_request_var('returnto'));
    } else {
        form_save_button('host.php');
    }
}

Recommended Solution

The vulnerability has been fixed in Cacti version 1.2.25, and users are encouraged to update to this version as soon as possible.

For users who cannot update to the latest version immediately, a temporary solution would be to manually filter the HTML output from the affected returnto parameter. While this fix may not entirely remove the risk, it can help reduce exposure to the vulnerability until the platform can be updated.

In conclusion, to avoid any security risks due to CVE-2023-39360, it is crucial to update Cacti to its latest version (1.2.25) or implement manual HTML filtering for the output from the affected parameter. Remember always to stay updated and informed about security vulnerabilities within the software you use and maintain a proactive approach to keeping your systems secure.

Timeline

Published on: 09/05/2023 21:15:46 UTC
Last modified on: 11/03/2023 21:15:14 UTC