Security Advisory

CVE-2020-7237

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-01-20 04:06:41
Last updated 2024-08-04 09:25:48
Assigner mitre
State PUBLISHED

Description

Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product.