CVE-2022-48538
First published: Tue Aug 22 2023(Updated: )
In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cacti Cacti | =1.2.19 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Cacti vulnerability?
The vulnerability ID for this Cacti vulnerability is CVE-2022-48538.
What is the severity of CVE-2022-48538?
The severity of CVE-2022-48538 is medium, with a severity value of 5.3.
How does the authentication bypass vulnerability in Cacti 1.2.19 work?
The authentication bypass in Cacti 1.2.19 occurs due to improper validation in the PHP code, specifically in cacti_ldap_auth(), which allows a zero as the password.
Which version of Cacti is affected by CVE-2022-48538?
CVE-2022-48538 affects Cacti version 1.2.19.
How can I fix the authentication bypass vulnerability in Cacti 1.2.19?
To fix the authentication bypass vulnerability in Cacti 1.2.19, you should update to a patched version recommended by the vendor.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-api
- collector/nvd-index
- vendor/cacti
- canonical/cacti cacti
- version/cacti cacti/1.2.19