CVE-2022-46169 Report - Details, Severity, & Advisories

Twingate Team

Jun 28, 2024

What is CVE-2022-46169?

CVE-2022-46169 is a critical command injection vulnerability in the Cacti open-source platform, used for operational monitoring and fault management. Unauthenticated users can exploit this vulnerability to execute arbitrary code on servers running affected Cacti versions up to and including 1.2.22.

Who is impacted by CVE-2022-46169?

Users of the Cacti open-source platform up to and including version 1.2.22 are impacted by CVE-2022-46169. If you are using these versions and have not updated to a fixed version, your systems are at risk.

What to do if CVE-2022-46169 affected you

If you're affected by the CVE-2022-46169 vulnerability, it's crucial to take action to secure your Cacti installation. Follow these simple steps to mitigate the risk:

  1. Update your Cacti installation to version 1.2.23 or later, which includes the patch for this vulnerability. See the commit details for more information.

  2. If you cannot update immediately, consider manually applying the changes from the commit to your current installation.

  3. Regularly check for updates and security patches to keep your Cacti installation secure.
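To turn step 1 into a check across several installations, the following added example (not code from Twingate or the Cacti project) triages an inventory of reported Cacti version strings against the 1.2.23 fix threshold given above. The host names, the inventory format and the function names are assumptions made for illustration.

```python
import re

# From the advisory: versions up to and including 1.2.22 are affected; 1.2.23 is fixed.
FIRST_FIXED = (1, 2, 23)

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)(\S*)\s*$")

def parse_version(raw):
    """Return ((major, minor, patch), suffix), or None if raw is not an x.y.z version."""
    m = _VERSION_RE.match(raw or "")
    if not m:
        return None
    return tuple(int(p) for p in m.group(1, 2, 3)), m.group(4)

def classify(raw):
    """Classify one reported version as 'affected', 'fixed' or 'review'."""
    parsed = parse_version(raw)
    if parsed is None:
        return "review"  # missing or unparsable: check the host by hand
    version, suffix = parsed
    if suffix:
        # Packaging or pre-release suffix: the number alone does not settle patch state.
        return "review"
    # Tuple comparison is numeric, so 1.10.0 sorts after 1.2.23 (string comparison would not).
    return "fixed" if version >= FIRST_FIXED else "affected"

def triage(inventory):
    """Group host names by classification; inventory maps host -> version string."""
    report = {"affected": [], "fixed": [], "review": []}
    for host, raw in inventory.items():
        report[classify(raw)].append(host)
    return {state: sorted(hosts) for state, hosts in report.items()}

# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_INVENTORY = {
    "cacti-prod-01": "1.2.22",
    "cacti-prod-02": "1.2.23",
    "cacti-lab-01": "1.2.19",
    "cacti-edge-01": "1.2.27",
    "cacti-dr-01": "1.2.22+ds1-2",
    "cacti-test-01": "",
}

if __name__ == "__main__":
    for state, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{state}: {', '.join(hosts) or '-'}")
```

An installation patched by hand as in step 2 still reports its old version number, so it will appear as affected here and has to be tracked separately.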

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, the Cacti Command Injection Vulnerability (CVE-2022-46169) is in CISA's Known Exploited Vulnerabilities Catalog. It was added on February 16, 2023, and the due date for required action is March 9, 2023. To address this vulnerability, apply updates as instructed by the vendor.

Weakness Enumeration

The weakness enumeration for this vulnerability includes CWE-863 Incorrect Authorization, CWE-78 OS Command Injection, and CWE-74 Injection.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.
