{"vulnerability": "cve-2022-46169", "sightings": [{"uuid": "0e2865b8-08a5-4eff-80e2-330a3166c563", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3568", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-46169\nURL\uff1ahttps://github.com/imjdl/CVE-2022-46169\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-12-07T07:17:18.000000Z"}, {"uuid": "24d4d79e-ca30-48d6-8a2c-b3b8912bbd56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "published-proof-of-concept", "source": "Telegram/7fgJPbYm76Noyc5NVfwJ4imA4GEc6x2X4VIWCPGaO6mzOX0", "content": "", "creation_timestamp": "2025-07-02T15:00:06.000000Z"}, {"uuid": "6e5245ad-04f3-454b-93dc-ec5cd88f2ae4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "published-proof-of-concept", "source": "https://t.me/itsec_news/4427", "content": "\u200b\u26a1\ufe0fCacti \u0432\u043d\u043e\u0432\u044c \u043f\u043e\u0434 \u0443\u0434\u0430\u0440\u043e\u043c: \u0441\u0440\u0430\u0437\u0443 12 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u044e\u0442 \u0445\u0430\u043a\u0435\u0440\u0430\u043c \u043f\u0443\u0442\u0438 \u0434\u043b\u044f \u0430\u0442\u0430\u043a\n\n\ud83d\udcac\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 Cacti, \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c \u0434\u043b\u044f \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0442\u044f\u043c\u0438, \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u043b\u0438 12 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0434\u0432\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435, \u0432\u0435\u0434\u0443\u0449\u0438\u0435 \u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\n\n\u0412\u043e\u0442 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0441\u0435\u0440\u044c\u0451\u0437\u043d\u044b\u0435 \u0438\u0437 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439:\n\nCVE-2024-25641 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 9.1). \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u0438 \u0437\u0430\u043f\u0438\u0441\u0438 \u0432 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u0444\u0430\u0439\u043b \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u00ab\u0418\u043c\u043f\u043e\u0440\u0442 \u043f\u0430\u043a\u0435\u0442\u043e\u0432\u00bb, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0441 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0435\u043c \u043d\u0430 \u00ab\u0418\u043c\u043f\u043e\u0440\u0442 \u0448\u0430\u0431\u043b\u043e\u043d\u043e\u0432\u00bb \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 PHP-\u043a\u043e\u0434 \u043d\u0430 \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0435, \u0447\u0442\u043e \u0441\u043f\u043e\u0441\u043e\u0431\u043d\u043e \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430.\nCVE-2024-29895 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 10.0). \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u0430\u043d\u0434, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043b\u044e\u0431\u043e\u043c\u0443 \u043d\u0435\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u043f\u0440\u0438 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u0439 \u043e\u043f\u0446\u0438\u0438 \u00abregister_argc_argv\u00bb \u0432 PHP.\n\u0422\u0430\u043a\u0436\u0435 \u0431\u044b\u043b\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0434\u0432\u0435 \u0434\u0440\u0443\u0433\u0438\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u043b\u0438 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430 \u0447\u0435\u0440\u0435\u0437 SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u044e \u0438 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u0444\u0430\u0439\u043b\u043e\u0432:\n\nCVE-2024-31445 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS 8.8). \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438 \u0432 api_automation.php, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u0446\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u043c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u044d\u0441\u043a\u0430\u043b\u0430\u0446\u0438\u044e \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0441 \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u044b\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043a\u043e\u0434\u0430.\nCVE-2024-31459 (\u043e\u0446\u0435\u043d\u043a\u0430 CVSS: \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442). \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u0444\u0430\u0439\u043b\u0430 lib/plugin.php, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0432\u043c\u0435\u0441\u0442\u0435 \u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\n\u0421\u043b\u0435\u0434\u0443\u0435\u0442 \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c, \u0447\u0442\u043e 10 \u0438\u0437 12 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0437\u0430 \u0438\u0441\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435\u043c CVE-2024-29895 \u0438 CVE-2024-30268 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 Cacti \u0434\u043e 1.2.26 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e. \u042d\u0442\u0438 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0431\u044b\u043b\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 1.2.27, \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u043e\u0439 13 \u043c\u0430\u044f 2024 \u0433\u043e\u0434\u0430. \u0414\u0432\u0435 \u0434\u0440\u0443\u0433\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 1.3.x \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432.\n\n\u0414\u0430\u043d\u043d\u0430\u044f \u0441\u0438\u0442\u0443\u0430\u0446\u0438\u044f \u0432\u043e\u0437\u043d\u0438\u043a\u043b\u0430 \u0441 Cacti \u0441\u043f\u0443\u0441\u0442\u044f \u0431\u043e\u043b\u0435\u0435 \u0432\u043e\u0441\u044c\u043c\u0438 \u043c\u0435\u0441\u044f\u0446\u0435\u0432 \u043f\u043e\u0441\u043b\u0435 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u0440\u0443\u0433\u043e\u0439 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 SQL-\u0438\u043d\u044a\u0435\u043a\u0446\u0438\u0438 ( CVE-2023-39361, CVSS 9.8), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u043d\u044b\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434.\n\n\u0410 \u0432 \u043d\u0430\u0447\u0430\u043b\u0435 2023 \u0433\u043e\u0434\u0430 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0434 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u043e\u043c CVE-2022-46169 \u0441 \u043e\u0446\u0435\u043d\u043a\u043e\u0439 CVSS 9.8 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u0437\u043b\u0430\u043c\u044b\u0432\u0430\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u0438\u0437 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u044b Cacti \u0434\u043b\u044f \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0431\u043e\u0442\u043d\u0435\u0442\u043e\u0432 MooBot \u0438 ShellBot.\n\n\u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b \u0434\u043b\u044f \u0432\u044b\u0448\u0435\u043e\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0443\u0436\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b \u0432 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u0445 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f\u0445 GitHub, \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0434\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u0434\u043b\u044f \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0433\u0440\u043e\u0437.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-05-14T14:37:41.000000Z"}, {"uuid": "35518ad7-74be-4907-85df-e31c3d873423", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "exploited", "source": "https://t.me/ctinow/87122", "content": "Cacti servers under attack by attackers exploiting CVE-2022-46169\n\nhttps://ift.tt/sTMGvRO", "creation_timestamp": "2023-01-16T13:28:34.000000Z"}, {"uuid": "b10508a4-b6d7-4f9f-a996-5404be769690", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "published-proof-of-concept", "source": "https://t.me/BABATATASASA/3436", "content": "\u200b\u200bCVE-2022-25765 \n\npdfkit Exploit Reverse Shell\n\npdfkit <0.8.6 command injection shell. The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized. (Tested on ver 0.8.6) - CVE-2022-25765\n\nhttps://github.com/CyberArchitect1/CVE-2022-25765-pdfkit-Exploit-Reverse-Shell\n\n\u200b\u200bCVE-2022-45025\n\nCommand injection via PDF import in Markdown Preview Enhanced (VSCode, Atom)\n\nhttps://github.com/yuriisanin/CVE-2022-45025\n\n\u200b\u200bCVE-2022-36537\n\nZK Framework - Exposure of Sensitive Information to an Unauthorized Actor\n\nhttps://github.com/agnihackers/CVE-2022-36537-EXPLOIT\n\n\u200b\u200bCVE-2022-39066\n\nSQL Injection Vulnerability in ZTE MF286R\n\nhttps://github.com/v0lp3/CVE-2022-39066\n\n\u200b\u200bCVE-2022-46381\n\nYou can scan this vulnerability on your company's subdomains using the nuclei scanner with the template specified in this repo \"CVE-2022-46381.yaml\"\n\nhttps://github.com/omarhashem123/Security-Research/tree/main/CVE-2022-46381\n\n\u200b\u200bCVE-2022-45771 - Pwndoc LFI to RCE\n\nPwndoc local file inclusion to remote code execution of Node.js code on the server.\n\nhttps://github.com/p0dalirius/CVE-2022-45771-Pwndoc-LFI-to-RCE\n\n\u200b\u200bCVE-2022-46169\n\nCacti remote_agent.php Unauthenticated Command Injection.\n\nhttps://github.com/0xf4n9x/CVE-2022-46169\n\n\u200b\u200bCVE-2022-45451\n\nPoC for CVE-2022-45451 Acronis Arbitrary File Read\n\nhttps://github.com/alfarom256/CVE-2022-45451\n\nCVE-2022-28672\n\nThis bug was Use after Free caused by improper handling of javascript object memory references.\n\nhttps://github.com/hacksysteam/CVE-2022-28672\n\nUse after Free - RCE Exploit: https://hacksys.io/blogs/foxit-reader-uaf-rce-jit-spraying-cve-2022-28672\n\n\u200b\u200bCVE-2003-0358\n\nBuffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges > via a long -s command line option.\n\nhttps://github.com/snowcra5h/CVE-2003-0358\n\n\u200b\u200bCVE-2022-39253\n\nDocker host file read\n\nhttps://github.com/ssst0n3/docker-cve-2022-39253-poc\n\n\u200b\u200bCVE-2022-48870\n\nmaccms admin+ xss attacks\n\nhttps://github.com/Cedric1314/CVE-2022-48870\n\n\u200b\u200bCVE-2022-2602\n\nPoC Kernel Privilege Escalation Linux\n\nhttps://github.com/kiks7/CVE-2022-2602-Kernel-Exploit\n\n\u200b\u200bEvilWfshbr\n\nCVE-2022-42046 Proof of Concept of wfshbr64.sys local privilege escalation\n\nhttps://github.com/kkent030315/CVE-2022-42046\n\n\u200b\u200bCVE-2022-2602\n\nThis repository contains exploits for CVE-2022-2602. There are two versions of it:\n\n\u25ab\ufe0f Exploit using userfaultfd technique.\n\u25ab\ufe0f Exploit using inode locking technique.\n\nhttps://github.com/LukeGix/CVE-2022-2602\n\n#cve #poc \n@pfkgit", "creation_timestamp": "2023-01-28T19:14:38.000000Z"}, {"uuid": "f347a889-1540-403b-ba56-bacface38838", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/665", "content": "\ud83d\udca3 \u0647\u0634\u062f\u0627\u0631!\n\n\u0627\u0628\u0631\u0627\u0632 \u0645\u0627\u0646\u06cc\u062a\u0648\u0631\u06cc\u0646\u06af Cacti \u06cc\u06a9\u06cc \u0627\u0632 \u0645\u0639\u0631\u0648\u0641\u062a\u0631\u06cc\u0646 \u0647\u0627 \u0648 \u067e\u0631\u06a9\u0627\u0631\u0628\u0631\u062f\u062a\u0631\u06cc\u0646 \u0627\u0628\u0632\u0627\u0631\u0647\u0627\u060c \u0628\u062e\u0635\u0648\u0635 \u062f\u0631 \u0628\u062e\u0634 \u0634\u0628\u06a9\u0647 \u0627\u0633\u062a \u06a9\u0647 \u062f\u0631 \u0627\u06cc\u0631\u0627\u0646 \u0646\u06cc\u0632 \u062a\u0648\u062c\u0647 \u0648\u06cc\u0698\u0647 \u0627\u06cc \u0628\u0647 \u0622\u0646 \u0645\u06cc \u0634\u0648\u062f.\n\u062e\u06cc\u0644\u06cc \u0627\u0632 \u0645\u062c\u0645\u0648\u0639\u0647 \u0647\u0627\u060c \u0628\u0647 \u062f\u0644\u06cc\u0644 \u0631\u0627\u062d\u062a\u06cc \u062f\u0631 \u067e\u06cc\u0627\u062f\u0647 \u0633\u0627\u0632\u06cc \u0648 \u0627\u0632 \u0647\u0645\u0647 \u0645\u0647\u0645\u062a\u0631 \u0645\u062a\u0646 \u0628\u0627\u0632 \u0648 \u0631\u0627\u06cc\u06af\u0627\u0646 \u0628\u0648\u062f\u0646\u060c \u0627\u0632 \u0622\u0646 \u0628\u0647\u0631\u0647 \u0645\u06cc \u0628\u0631\u062f\u0646\u062f.\n\n\u062d\u062a\u0645\u0627 \u0627\u062e\u0628\u0627\u0631 \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 Solarwinds \u0631\u0627 \u0628\u0647 \u06cc\u0627\u062f \u062f\u0627\u0631\u06cc\u062f\u060c \u0627\u06cc\u0646\u062c\u0627 \u0628\u062d\u062b \u0645\u0642\u0627\u06cc\u0633\u0647 \u0646\u06cc\u0633\u062a \u0628\u06cc\u0634\u062a\u0631 \u0627\u0647\u0645\u06cc\u062a \u0648 \u062c\u0627\u06cc\u06af\u0627\u0647 \u0627\u06cc\u0646 \u0642\u0628\u06cc\u0644 \u0645\u062d\u0635\u0648\u0644\u0627\u062a \u0627\u0633\u062a \u06a9\u0647 \u0645\u0648\u0636\u0648\u0639 \u0631\u0627 \u067e\u0631 \u0631\u0646\u06af \u0645\u06cc \u06a9\u0646\u062f.\n\n\u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062d\u06cc\u0627\u062a\u06cc \u0628\u0627 \u0627\u0645\u062a\u06cc\u0627\u0632 9.8 \u0627\u0632 \u0646\u0648\u0639 RCE (\u06a9\u0647 \u0627\u0645\u06a9\u0627\u0646 \u0628\u0631\u067e\u0627\u06cc\u06cc Reverse Shell \u0631\u0627 \u0646\u06cc\u0632 \u0628\u0631\u0627\u06cc \u0645\u0647\u0627\u062c\u0645 \u0628\u0647 \u0627\u0631\u0645\u063a\u0627\u0646 \u0645\u06cc \u0622\u0648\u0631\u062f) \u0628\u0627 \u0634\u0646\u0627\u0633\u0647 CVE-2022-46169 \u062f\u0631 \u0627\u06cc\u0646 \u0645\u062d\u0635\u0648\u0644 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0634\u062f\u0647 \u0627\u0633\u062a.\n\n\ud83d\udd11 \u062f\u0631 \u0635\u0648\u0631\u062a\u06cc \u06a9\u0647 \u0627\u0632 \u0627\u06cc\u0646 \u0627\u0628\u0632\u0627\u0631 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc \u0646\u0645\u0627\u06cc\u062f\u060c \u0647\u0631\u0686\u0647 \u0633\u0631\u06cc\u0639\u062a\u0631 \u0628\u0647 \u0631\u0648\u0632\u0631\u0633\u0627\u0646\u06cc \u0631\u0627 \u062f\u0631 \u0627\u0648\u0644\u0648\u06cc\u062a \u0642\u0631\u0627\u0631 \u062f\u0647\u06cc\u062f.\n\n\u062c\u0632\u0626\u06cc\u0627\u062a  \u06a9\u0627\u0645\u0644: https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf", "creation_timestamp": "2023-01-19T18:30:59.000000Z"}, {"uuid": "234d8530-3ca7-46ae-85c9-9f1201a2f1bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/629", "content": "CVE-2022-46169 : Cacti 1.2.22 - Unauthenticated Command Injection\u200c\nPOC : https://github.com/0xf4n9x/CVE-2022-46169", "creation_timestamp": "2022-12-18T21:29:02.000000Z"}, {"uuid": "884c0b27-104a-4218-bf0e-8bac69c412f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/2256", "content": "CVE-2022-46169\n\nExploit to CVE-2022-46169 vulnerability on Cacti 1.2.19\n\nhttps://system32.ink/news-feed/p/135/", "creation_timestamp": "2023-01-14T14:01:37.000000Z"}, {"uuid": "39dd7e30-22b8-4302-a221-126b89607a63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "exploited", "source": "https://t.me/NeKaspersky/2755", "content": "\u0425\u0430\u043a\u0435\u0440\u044b \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0431\u0440\u0435\u0448\u044c\u044e \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 Cacti\n\n\u041e\u0431 \u044d\u0442\u043e\u043c \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Censys. \u041e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442\u0441\u044f, \u0447\u0442\u043e \u0431\u043e\u043b\u044c\u0448\u0430\u044f \u0447\u0430\u0441\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u043f\u043e\u0441\u0442\u0440\u043e\u0435\u043d\u0438\u044f \u0433\u0440\u0430\u0444\u0438\u043a\u043e\u0432 \u043f\u0440\u043e\u043f\u0443\u0441\u043a\u0430\u0435\u0442 \u043b\u044e\u0431\u043e\u0433\u043e \u043d\u0435\u0430\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043a \u0444\u0430\u0439\u043b\u0443 \"remote_agent.php\". \u0412 \u0445\u043e\u0434\u0435 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0430\u0442\u0430\u043a \u0445\u0430\u043a\u0435\u0440\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u0440\u0430\u0437\u0432\u0451\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u041f\u041e \u043d\u0430 \u043d\u0435\u0437\u0430\u0449\u0438\u0449\u0451\u043d\u043d\u044b\u0445 \u0443\u0437\u043b\u0430\u0445. \n\n\u0411\u0440\u0435\u0448\u044c \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE-2022-46169\n\n\u041d\u0435\u041a\u0430\u0441\u043f\u0435\u0440\u0441\u043a\u0438\u0439", "creation_timestamp": "2023-01-16T08:34:03.000000Z"}, {"uuid": "3e2ae117-112b-4407-ae33-f38b8f6f0699", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2540", "content": "#CVE-2022\nTOP All bugbounty pentesting CVE-2022- POC Exp\u00a0 RCE example payload\u00a0 Things\nhttps://github.com/amitlttwo/CVE-2022-2414-Proof-Of-Concept\n\nFor CVE-2022-33891 Apache Spark: Emulation and Detection by West Shepherd\nhttps://github.com/ps-interactive/lab_security_apache_spark_emulation_detection\n\nCVE-2022-46169\n\nhttps://github.com/imjdl/CVE-2022-46169\n\n@BlueRedTeam", "creation_timestamp": "2022-12-27T19:38:43.000000Z"}, {"uuid": "091265a5-3295-4e1d-99a3-20fda68aed9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "27ba5f81-e56b-4caf-9635-237ef0b18b27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}, {"uuid": "06caad98-27f3-4e95-825e-2ee7b590ce8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:49.000000Z"}, {"uuid": "3998dfd1-1c6a-4cda-899f-dd04ce3ef601", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-03-24)", "content": "", "creation_timestamp": "2025-03-24T00:00:00.000000Z"}, {"uuid": "e4b78a97-7143-40e4-bc68-d511e9ef1088", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "seen", "source": "https://t.me/cibsecurity/54031", "content": "\u203c CVE-2022-46169 \u203c\n\nCacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device. The vulnerability resides in the `remote_agent.php` file. This file can be accessed without authentication. This function retrieves the IP address of the client via `get_client_addr` and resolves this IP address to the corresponding hostname via `gethostbyaddr`. After this, it is verified that an entry within the `poller` table exists, where the hostname corresponds to the resolved hostname. If such an entry was found, the function returns `true` and the client is authorized. This authorization can be bypassed due to the implementation of the `get_client_addr` function. The function is defined in the file `lib/functions.php` and checks serval `$_SERVER` variables to determine the IP address of the client. The variables beginning with `HTTP_` can be arbitrarily set by an attacker. Since there is a default entry in the `poller` table with the hostname of the server running Cacti, an attacker can bypass the authentication e.g. by providing the header `Forwarded-For: `. This way the function `get_client_addr` returns the IP address of the server running Cacti. The following call to `gethostbyaddr` will resolve this IP address to the hostname of the server, which will pass the `poller` hostname check because of the default entry. After the authorization of the `remote_agent.php` file is bypassed, an attacker can trigger different actions. One of these actions is called `polldata`. The called function `poll_for_data` retrieves a few request parameters and loads the corresponding `poller_item` entries from the database. If the `action` of a `poller_item` equals `POLLER_ACTION_SCRIPT_PHP`, the function `proc_open` is used to execute a PHP script. The attacker-controlled parameter `$poller_id` is retrieved via the function `get_nfilter_request_var`, which allows arbitrary strings. This variable is later inserted into the string passed to `proc_open`, which leads to a command injection vulnerability. By e.g. providing the `poller_id=;id` the `id` command is executed. In order to reach the vulnerable call, the attacker must provide a `host_id` and `local_data_id`, where the `action` of the corresponding `poller_item` is set to `POLLER_ACTION_SCRIPT_PHP`. Both of these ids (`host_id` and `local_data_id`) can easily be bruteforced. The only requirement is that a `poller_item` with an `POLLER_ACTION_SCRIPT_PHP` action exists. This is very likely on a productive instance because this action is added by some predefined templates like `Device - Uptime` or `Device - Polling Time`. This command injection vulnerability allows an unauthenticated user to execute arbitrary commands if a `poller_item` with the `action` type `POLLER_ACTION_SCRIPT_PHP` (`2`) is configured. The authorization bypass should be prevented by not allowing an attacker to make `get_client_addr` (file `lib/functions.php`) return an arbitrary IP address. This could be done by not honoring the `HTTP_...` `$_SERVER` variables. If these should be kept for compatibility reasons it should at least be prevented to fake the IP address of the server running Cacti. This vulnerability has been addressed in both the 1.2.x and 1.3.x release branches with `1.2.23` being the first release containing the patch.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-06T00:40:20.000000Z"}, {"uuid": "adb036d3-7c4d-42c0-ad35-a15b6888fdd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "exploited", "source": "https://t.me/CNArsenal/387", "content": "Cacti remote_agent.php \u8fdc\u7a0b\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e CVE-2022-46169\nCacti < 1.2.17-1.2.22\napp=\"Cacti-\u76d1\u63a7\u7cfb\u7edf\"\n\n\nGET /remote_agent.php?action=polldata&local_data_ids[0]=6&host_id=1&poller_id=id>1.txt\nX-Forwarded-For: 127.0.0.1\n\n#exploit #poc", "creation_timestamp": "2024-08-20T17:04:12.000000Z"}, {"uuid": "6194e860-a4df-4f61-bd39-94f7b7c48777", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7314", "content": "#exploit\n1. CVE-2022-46169:\nCritical vulnerability affects Cacti network graphing solution\nhttps://securityonline.info/cve-2022-46169-critical-vulnerability-affects-cacti-network-graphing-solution\n\n2. Linux PrivEsc(2) - Scheduled Tasks (cron)\nhttps://medium.com/@tinopreter/linux-privesc-2-scheduled-tasks-cron-b23c4c4df152\n\n3. CVE-2022-45313/45315:\nMikrotik RouterOs <7.5/7.6 was discovered to contain an OOB R/ in the hotspot vuln/snmp process\nhttps://github.com/cq674350529/pocs_slides/tree/master/advisory/MikroTik/CVE-2022-45313\nhttps://github.com/cq674350529/pocs_slides/tree/master/advisory/MikroTik/CVE-2022-45315\n\n@pocfather_bot", "creation_timestamp": "2022-12-07T11:01:06.000000Z"}, {"uuid": "bf3cadcd-222a-4c09-b849-06d7a046d239", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:40.000000Z"}, {"uuid": "4b227e8a-ecef-469f-a816-8968820e064a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2025-07-07)", "content": "", "creation_timestamp": "2025-07-07T00:00:00.000000Z"}, {"uuid": "7b279b2a-3548-48f9-9bd7-9f52c02843ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "exploited", "source": "https://t.me/habr_com_news/13888", "content": "\u041f\u0440\u043e\u0444\u0438\u043b\u044c\u043d\u044b\u0435 \u044d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438, \u0447\u0442\u043e \u0445\u0430\u043a\u0435\u0440\u044b \u043d\u0430\u0447\u0430\u043b\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2022-46169 \u0432 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u0438 \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0441\u0435\u0442\u0438 Cacti.\n\n#\u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u044c", "creation_timestamp": "2023-01-16T14:11:31.000000Z"}, {"uuid": "74ae13d6-598c-4ca7-a196-ceb55bb728f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "exploited", "source": "https://t.me/TopCyberTechNews/237", "content": "Top Security News for 15/01/2023\n\ne-Discovery Law and Lawyers in Fifty Years\nhttps://malware.news/t/e-discovery-law-and-lawyers-in-fifty-years/66406#post_1 \n\njust got infected with vipersoftx and i dont know how\nhttps://www.reddit.com/r/Malware/comments/10bo8sn/just_got_infected_with_vipersoftx_and_i_dont_know/ \n\nsanta-linux: a proof of concept binary authorization system for linux, based on Google's Santa\nhttps://www.reddit.com/r/netsec/comments/10bt2e1/santalinux_a_proof_of_concept_binary/ \n\nMysql SOUNDEX function in Symfony with Doctrine\nhttps://malware.news/t/mysql-soundex-function-in-symfony-with-doctrine/66405#post_1 \n\nAnalysis of FG-IR-22-398 \u2013 FortiOS - heap-based buffer overflow in SSLVPNd\nhttps://www.reddit.com/r/netsec/comments/10bzr8n/analysis_of_fgir22398_fortios_heapbased_buffer/ \n\nImpact of the CircleCI Security Incident on the Datadog Agent\nhttps://www.reddit.com/r/netsec/comments/10bvjm4/impact_of_the_circleci_security_incident_on_the/ \n\nMost internet-exposed Cacti servers exposed to hacking\nhttps://securityaffairs.com/140797/hacking/cacti-servers-cve-2022-46169-flaw.html \n\nIs it possible to hack iCloud info for missing person (last known location of phone)\nhttps://www.reddit.com/r/netsec/comments/10c5ps9/is_it_possible_to_hack_icloud_info_for_missing/ \n\nCacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability\nhttps://thehackernews.com/2023/01/cacti-servers-under-attack-as-majority.html \n\nFrench CNIL fined Tiktok $5.4 Million for violating cookie laws\nhttps://securityaffairs.com/140786/digital-id/cnil-fined-tiktok.html \n\n    \nFollow Top Cyber News at https://t.me/TopCyberTechNews\nFeel free to DM me at https://twitter.com/ShayaFeedman", "creation_timestamp": "2023-01-15T08:00:04.000000Z"}, {"uuid": "b418d087-46b3-4958-8c26-60a41ce1a98f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/1666", "content": "#exploit\n1. CVE-2022-46169:\nCritical vulnerability affects Cacti network graphing solution\nhttps://securityonline.info/cve-2022-46169-critical-vulnerability-affects-cacti-network-graphing-solution\n\n2. Linux PrivEsc(2) - Scheduled Tasks (cron)\nhttps://medium.com/@tinopreter/linux-privesc-2-scheduled-tasks-cron-b23c4c4df152\n\n3. CVE-2022-45313/45315:\nMikrotik RouterOs <7.5/7.6 was discovered to contain an OOB R/ in the hotspot vuln/snmp process\nhttps://github.com/cq674350529/pocs_slides/tree/master/advisory/MikroTik/CVE-2022-45313\nhttps://github.com/cq674350529/pocs_slides/tree/master/advisory/MikroTik/CVE-2022-45315", "creation_timestamp": "2022-12-07T14:51:25.000000Z"}, {"uuid": "f81da029-c26a-4f0d-b2fd-4a6643b624b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "seen", "source": "https://t.me/crackcodes/2203", "content": "Cacti: Unauthenticated Remote Code Execution (CVE-2022-46169)\nhttps://ift.tt/BUxzjQ9\n\nSubmitted January 11, 2023 at 05:28AM by monoimpact\nvia reddit https://ift.tt/hcIzBt2", "creation_timestamp": "2023-01-11T03:31:50.000000Z"}, {"uuid": "78118dec-b3b0-413c-bfad-052b939ba75f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "exploited", "source": "https://t.me/true_secator/3939", "content": "\u0411\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0438\u043d\u0441\u0442\u0430\u043b\u043b\u044f\u0446\u0438\u0439 Cacti \u0432 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0435 \u043d\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u044b \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 RCE-\u043e\u0448\u0438\u0431\u043a\u0438, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0432 \u0445\u043e\u0434\u0435 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a.\n\n\u0412\u0435\u0431-\u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u0434\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0433\u043e \u043c\u043e\u043d\u0438\u0442\u043e\u0440\u0438\u043d\u0433\u0430 \u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043d\u0435\u0438\u0441\u043f\u0440\u0430\u0432\u043d\u043e\u0441\u0442\u044f\u043c\u0438 \u0441 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u043c \u043a\u043e\u0434\u043e\u043c Cacti \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u043d\u043e\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u0443\u0442\u0438\u043b\u0438\u0442\u044b \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 RRDtool.\n\n\u0412 \u043d\u0430\u0447\u0430\u043b\u0435 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430 \u0441\u043e\u043f\u0440\u043e\u0432\u043e\u0436\u0434\u0430\u044e\u0449\u0438\u0435 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u043e\u0431\u044a\u044f\u0432\u0438\u043b\u0438 \u043e\u0431\u00a0\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u0445 \u0434\u043b\u044f CVE-2022-46169 c \u043e\u0446\u0435\u043d\u043a\u043e\u0439 CVSS 9,8, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0435\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043a\u043e\u0434 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043d\u0430 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 Cacti.\n\n\u041e\u0448\u0438\u0431\u043a\u0430 \u0431\u044b\u043b\u0430\u00a0\u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0430 5 \u0434\u0435\u043a\u0430\u0431\u0440\u044f, \u0432 \u0442\u043e\u0442 \u0436\u0435 \u0434\u0435\u043d\u044c, \u043a\u043e\u0433\u0434\u0430 \u043e\u043d\u0430 \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438 SonarSource.\n\n\u0427\u0435\u0440\u0435\u0437 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0434\u043d\u0435\u0439 \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a 3 \u044f\u043d\u0432\u0430\u0440\u044f SonarSource \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430\u00a0\u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 CVE-2022-46169\u00a0Shadowserver \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430, \u0447\u0442\u043e \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u043f\u0435\u0440\u0432\u044b\u0435\u00a0\u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0445 \u043a\u043e\u043c\u0430\u043d\u0434 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043d\u044b\u0435 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043f\u043e\u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0443\u044e \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e.\n\n\u0420\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b Censys \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438, \u0447\u0442\u043e \u0438\u0437 6400 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0445 \u0435\u044e \u0445\u043e\u0441\u0442\u043e\u0432 Cacti, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0432 \u0418\u043d\u0442\u0435\u0440\u043d\u0435\u0442\u0435, \u0442\u043e\u043b\u044c\u043a\u043e\u00a0\u043d\u0430 26 \u0431\u044b\u043b\u0430 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0430 \u043f\u0440\u043e\u043f\u0430\u0442\u0447\u0435\u043d\u043d\u0430\u044f \u0432\u0435\u0440\u0441\u0438\u044f\u00a0\u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430.\u00a0\u0411\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u0445 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u043d\u0430\u0445\u043e\u0434\u044f\u0442\u0441\u044f \u0432 \u0411\u0440\u0430\u0437\u0438\u043b\u0438\u0438, \u0418\u043d\u0434\u043e\u043d\u0435\u0437\u0438\u0438 \u0438 \u0421\u0428\u0410.\n\n\u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u0442\u0441\u044f, \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c Cacti \u0434\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438.", "creation_timestamp": "2023-01-13T18:05:06.000000Z"}, {"uuid": "8f3d900e-aced-4fd5-832a-5b806d3a2b51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "exploited", "source": "https://t.me/thehackernews/2953", "content": "If you use Cacti for web-based monitoring, be sure to patch ASAP!\n\nA critical vulnerability [CVE-2022-46169] is being actively exploited in the wild and a majority of internet-exposed servers have not been patched yet.\n\nRead: https://thehackernews.com/2023/01/cacti-servers-under-attack-as-majority.html", "creation_timestamp": "2023-01-14T09:17:05.000000Z"}, {"uuid": "2d5b572c-ec18-4726-b1ef-41cd519eadb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971767", "content": "", "creation_timestamp": "2024-12-24T20:33:49.400244Z"}, {"uuid": "ed50cee2-cd73-41a1-9e37-11d4d90ec2e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/cacti_unauthenticated_cmd_injection.rb", "content": "", "creation_timestamp": "2023-01-23T19:50:39.000000Z"}, {"uuid": "9a86fad9-da54-422d-bb6e-667dd3944d66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:13:05.000000Z"}, {"uuid": "d3c5f877-dac4-4baf-9600-e4b9523fe870", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2022-46169", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_23/2022", "content": "", "creation_timestamp": "2022-12-12T08:44:41.000000Z"}, {"uuid": "ccb909a7-c23d-4d97-a560-986531a1451c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/4bafad59-2a95-43e7-8116-ef8a85665f8f", "content": "", "creation_timestamp": "2026-02-02T12:27:04.994642Z"}, {"uuid": "7c9a5bab-f663-48e8-ae19-75558adf822f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46169", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/4bafad59-2a95-43e7-8116-ef8a85665f8f", "content": "", "creation_timestamp": "2026-02-02T12:27:04.994642Z"}]}