{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-30T20:06:06.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.darkmatter.ae/xen1thlabs/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Cacti/cacti/blob/79f29cddb5eb05cbaff486cd634285ef1fed9326/lib/functions.php#L3109"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00014.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Cacti/cacti/issues/3026"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Cacti/cacti/commit/adf221344359f5b02b8aed43dfb6b33ae5d708c8"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2019-17358"}, {"tags": ["x_refsource_MISC"], "url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17358.html"}, {"name": "20200120 [SECURITY] [DSA 4604-1] cacti security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2020/Jan/25"}, {"name": "DSA-4604", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4604"}, {"name": "openSUSE-SU-2020:0272", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html"}, {"name": "openSUSE-SU-2020:0284", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html"}, {"name": "GLSA-202003-40", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202003-40"}, {"name": "openSUSE-SU-2020:0558", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"}, {"name": "openSUSE-SU-2020:0565", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"}], "x_ConverterErrors": {"cvssV3_0": {"error": "CVSSV3_0 data from v4 record is invalid", "message": "Missing mandatory metrics \"AC\""}}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-17358", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module."}]}, "impact": {"cvss": {"attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/A:N/C:H/I:H/PR:L/S:U/UI:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.darkmatter.ae/xen1thlabs/", "refsource": "MISC", "url": "https://www.darkmatter.ae/xen1thlabs/"}, {"name": "https://github.com/Cacti/cacti/blob/79f29cddb5eb05cbaff486cd634285ef1fed9326/lib/functions.php#L3109", "refsource": "MISC", "url": "https://github.com/Cacti/cacti/blob/79f29cddb5eb05cbaff486cd634285ef1fed9326/lib/functions.php#L3109"}, {"name": "https://lists.debian.org/debian-lts-announce/2019/12/msg00014.html", "refsource": "MISC", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00014.html"}, {"name": "https://github.com/Cacti/cacti/issues/3026", "refsource": "MISC", "url": "https://github.com/Cacti/cacti/issues/3026"}, {"name": "https://github.com/Cacti/cacti/commit/adf221344359f5b02b8aed43dfb6b33ae5d708c8", "refsource": "MISC", "url": "https://github.com/Cacti/cacti/commit/adf221344359f5b02b8aed43dfb6b33ae5d708c8"}, {"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2019-17358", "refsource": "MISC", "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2019-17358"}, {"name": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17358.html", "refsource": "MISC", "url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17358.html"}, {"name": "20200120 [SECURITY] [DSA 4604-1] cacti security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2020/Jan/25"}, {"name": "DSA-4604", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4604"}, {"name": "openSUSE-SU-2020:0272", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html"}, {"name": "openSUSE-SU-2020:0284", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html"}, {"name": "GLSA-202003-40", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-40"}, {"name": "openSUSE-SU-2020:0558", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"}, {"name": "openSUSE-SU-2020:0565", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:40:15.256Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.darkmatter.ae/xen1thlabs/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Cacti/cacti/blob/79f29cddb5eb05cbaff486cd634285ef1fed9326/lib/functions.php#L3109"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00014.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Cacti/cacti/issues/3026"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Cacti/cacti/commit/adf221344359f5b02b8aed43dfb6b33ae5d708c8"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2019-17358"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17358.html"}, {"name": "20200120 [SECURITY] [DSA 4604-1] cacti security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2020/Jan/25"}, {"name": "DSA-4604", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4604"}, {"name": "openSUSE-SU-2020:0272", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html"}, {"name": "openSUSE-SU-2020:0284", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html"}, {"name": "GLSA-202003-40", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202003-40"}, {"name": "openSUSE-SU-2020:0558", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"}, {"name": "openSUSE-SU-2020:0565", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-17358", "datePublished": "2019-12-12T13:53:51.000Z", "dateReserved": "2019-10-08T00:00:00.000Z", "dateUpdated": "2024-08-05T01:40:15.256Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4F5AE29-35EB-4B0E-8304-F5520AAE998B", "versionEndIncluding": "1.2.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module."}, {"lang": "es", "value": "Cacti versiones hasta 1.2.7, est\u00e1 afectado por m\u00faltiples instancias de deserializaci\u00f3n no segura de la biblioteca lib/functions.php de datos controlados por parte del usuario para llenar matrices. Un atacante autenticado podr\u00eda usar esto para influir en los valores de los datos del objeto y controlar las acciones tomadas por Cacti o potencialmente causar una corrupci\u00f3n de la memoria en el m\u00f3dulo PHP."}], "id": "CVE-2019-17358", "lastModified": "2024-11-21T04:32:10.073", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-12T14:15:16.133", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2019-17358"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Cacti/cacti/blob/79f29cddb5eb05cbaff486cd634285ef1fed9326/lib/functions.php#L3109"}, {"source": "cve@mitre.org", "tags": ["Product", "Third Party Advisory"], "url": "https://github.com/Cacti/cacti/commit/adf221344359f5b02b8aed43dfb6b33ae5d708c8"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/Cacti/cacti/issues/3026"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00014.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17358.html"}, {"source": "cve@mitre.org", "url": "https://seclists.org/bugtraq/2020/Jan/25"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202003-40"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://www.darkmatter.ae/xen1thlabs/"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2020/dsa-4604"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2019-17358"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/Cacti/cacti/blob/79f29cddb5eb05cbaff486cd634285ef1fed9326/lib/functions.php#L3109"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Third Party Advisory"], "url": "https://github.com/Cacti/cacti/commit/adf221344359f5b02b8aed43dfb6b33ae5d708c8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/Cacti/cacti/issues/3026"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00014.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17358.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://seclists.org/bugtraq/2020/Jan/25"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202003-40"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "https://www.darkmatter.ae/xen1thlabs/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2020/dsa-4604"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}, {"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}