CVE-2016-10700
Publication date 24 November 2017
Last updated 24 July 2024
Ubuntu priority
auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-2313.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| cacti | ||
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Fixed 0.8.8f+ds1-4ubuntu4.16.04.2
|
|
| 14.04 LTS trusty |
Fixed 0.8.8b+dfsg-5ubuntu0.2
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
8.8 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |