VIR Vulnerability Intelligence Relay

CVE-2022-46169

unknown KEV
Published 2023-02-16 · Modified 2023-02-16
CVSS v3
CVSS v2
VIR risk
1.5

Description

Cacti contains a command injection vulnerability that allows an unauthenticated user to execute code.

CISA KEV

Vendor
Cacti
Product
Cacti
Due date
2023-03-09

Predictions

Exploit likelihood
99%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf; https://nvd.nist.gov/vuln/detail/CVE-2022-46169

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2022-46169.html

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2022-46169

Exploits

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed1.2.22+ds1-3
debian debianbullseyefixed1.2.16+ds1-2+deb11u1
debian debianforkyfixed1.2.22+ds1-3
debian debiansidfixed1.2.22+ds1-3
debian debiantrixiefixed1.2.22+ds1-3
suse slesaffected

References

Verify integrity in audit chain (admin only). AS-IS.