CVE-2010-1645

Description

Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template.

How to fix CVE-2010-1645

To remediate CVE-2010-1645, upgrade the affected package to a fixed version below.

• Debian/cacti—upgrade to 0.8.7g-1 or later

Is CVE-2010-1645 being exploited?

Low — EPSS is 2.8%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 0.8.7g-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2010-1645