CVE-2022-0730
First published: Thu Mar 03 2022(Updated: )
Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cacti Cacti | =1.2.19 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| Fedoraproject Fedora | =34 | |
| Fedoraproject Fedora | =35 | |
| Fedoraproject Fedora | =36 | |
| debian/cacti | <=1.2.2+ds1-2+deb10u4 | 1.2.2+ds1-2+deb10u5 1.2.16+ds1-2+deb11u1 1.2.24+ds1-1 1.2.25+ds1-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/Cacti/cacti/issues/4562
- https://security-tracker.debian.org/tracker/CVE-2022-0730
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0730
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008693
- https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html
- https://lists.debian.org/debian-lts-announce/2022/12/msg00039.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVOALVZSCBFNOAAZVHTJFSFB7UDSNYQ2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZH67CCORDEYFG7NL7G6UH47PAV2PU7BA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJERS4NYIGJUXEGT6ATUQA4CBYBRDLRA/
- https://www.debian.org/security/2022/dsa-5298
- https://github.com/Cacti/cacti/commit/1386bdbf7f845a32e24ac9415f3ebb7932e77fe7
- https://github.com/Cacti/cacti/commit/8694bf28edad723585915a97b95fbf5b1816a02b
- https://github.com/Cacti/cacti/commit/0bb77ee9b4d1c7a99e0140b88789e050e523e628
Frequently Asked Questions
What is CVE-2022-0730?
CVE-2022-0730 is a vulnerability in Cacti that allows bypassing authentication under certain LDAP conditions.
How does CVE-2022-0730 affect Cacti?
CVE-2022-0730 affects Cacti version 1.2.19.
How does CVE-2022-0730 affect Debian Linux?
CVE-2022-0730 affects Debian Linux versions 9.0, 10.0, and 11.0.
What is the severity of CVE-2022-0730?
CVE-2022-0730 has a severity rating of critical (9.8).
How do I fix CVE-2022-0730 in Cacti?
To fix CVE-2022-0730 in Cacti, update to version 1.2.25+ds1-2 or a later version.
How do I fix CVE-2022-0730 in Debian Linux?
To fix CVE-2022-0730 in Debian Linux, apply the appropriate updates: 1.2.2+ds1-2+deb10u5, 1.2.16+ds1-2+deb11u1, 1.2.24+ds1-1, or 1.2.25+ds1-2.
What is the CWE classification of CVE-2022-0730?
CVE-2022-0730 is classified as CWE-287.
- collector/debian-bugs
- alias/CVE-2022-0730
- collector/nvd-index
- collector/security-tracker-debian
- vendor/cacti
- canonical/cacti cacti
- version/cacti cacti/1.2.19
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- version/debian debian linux/11.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/34
- version/fedoraproject fedora/35
- version/fedoraproject fedora/36
- package-manager/debian