CVE-2014-2327: CSRF
First published: Wed Apr 23 2014(Updated: )
Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/cacti | 1.2.16+ds1-2+deb11u3 1.2.24+ds1-1+deb12u2 1.2.27+ds1-2 | |
| Cacti | >=0.8.7<=0.8.7g | |
| Cacti | >=0.8.8<=0.8.8b | |
| Debian | =7.0 | |
| Debian | =8.0 | |
| SUSE Linux | =13.1 | |
| SUSE Linux | =13.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.cacti.net/view.php?id=2432
- https://security-tracker.debian.org/tracker/CVE-2014-2327
- http://jvn.jp/en/jp/JVN55076671/index.html
- http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-002239.html
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html
- http://secunia.com/advisories/59203
- http://www.debian.org/security/2014/dsa-2970
- http://www.securityfocus.com/archive/1/531588
- http://www.securityfocus.com/bid/66392
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768
- https://security.gentoo.org/glsa/201509-03
Frequently Asked Questions
What is the severity of CVE-2014-2327?
CVE-2014-2327 is classified as a medium severity vulnerability due to its potential for exploitation through cross-site request forgery.
How do I fix CVE-2014-2327?
To fix CVE-2014-2327, upgrade to Cacti versions 1.2.16+ds1-2+deb11u3, 1.2.24+ds1-1+deb12u2, or 1.2.27+ds1-2.
What versions of Cacti are affected by CVE-2014-2327?
CVE-2014-2327 affects Cacti versions 0.8.7g, 0.8.8b, and earlier.
What types of commands can be exploited in CVE-2014-2327?
CVE-2014-2327 allows attackers to exploit user authentication to modify binary files, configurations, or add arbitrary users.
Is CVE-2014-2327 a type of injection vulnerability?
No, CVE-2014-2327 is specifically a cross-site request forgery (CSRF) vulnerability.
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/description
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/debian
- vendor/cacti
- canonical/cacti
- version/cacti/0.8.7
- version/cacti/0.8.7g
- version/cacti/0.8.8
- version/cacti/0.8.8b
- vendor/debian
- canonical/debian
- version/debian/7.0
- version/debian/8.0
- vendor/opensuse
- canonical/suse linux
- version/suse linux/13.1
- version/suse linux/13.2