CVE-2022-46169

Vulnerability updated 7 months ago (2024-05-04T19:28:55.556Z)

Download STIX

Preview STIX

CVE-2022-46169 is a critical pre-authentication command injection vulnerability discovered in the Cacti network operations framework. This flaw, which existed in all versions of Cacti up to 1.2.22, could be exploited by threat actors to deliver malware, thereby compromising the security of systems using this software. The Cybersecurity and Infrastructure Security Agency (CISA) added this flaw to its catalog of known exploited vulnerabilities in February 2023, highlighting its significance and potential impact on cybersecurity. In April 2023, FortiGuard Labs researchers observed an active hacking campaign that was exploiting this vulnerability, along with another flaw in Realtek (CVE-2021-35394). The attackers were using these vulnerabilities to spread two types of malware: ShellBot and Moobot. ShellBot is known for targeting Linux SSH servers, while Moobot has been seen targeting D-Link devices. These malwares can cause significant damage and disruption by taking over the affected systems and integrating them into botnets. The exploitation of CVE-2022-46169 underscores the importance of timely patching and system updates. Organizations utilizing Cacti are urged to update their systems to the latest version to mitigate the risk associated with this vulnerability. Further, it is recommended to follow best cybersecurity practices such as regularly monitoring system logs, employing strong and unique passwords, and implementing multi-factor authentication where possible to enhance overall system security.

Description last updated: 2024-05-04T17:18:12.838Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Fortiguard

Malware

Vulnerability

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Shellbot Malware is associated with CVE-2022-46169. ShellBot is a malicious software (malware) variant that has been actively targeting poorly managed Linux SSH servers. As reported by Hacker News and HackRead in March 2023, this Perl-based DDoS bot deploys different variants to exploit these servers. ShellBot, along with another DDoS malware called	Unspecified	3
The Moobot Malware is associated with CVE-2022-46169. Moobot is a type of malware, or malicious software, designed to exploit and damage computer systems. It can infiltrate these systems via suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold dat	Unspecified	3

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The CVE-2021-35394 Vulnerability is associated with CVE-2022-46169. The CVE-2021-35394 vulnerability, a flaw in the software design or implementation of Realtek Jungle SDK, has seen significant exploitation by threat actors. From August to October 2022, the number of attacks attempting to exploit this remote code execution vulnerability accounted for more than 40% o	Unspecified	2

Source Document References

Information about the CVE-2022-46169 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	9 months ago	Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations
Securityaffairs	9 months ago	US Gov dismantled the Moobot botnet controlled by Russia-linked APT28
DARKReading	10 months ago	Cacti Monitoring Tool Spiked by Critical SQL Injection Vulnerability
CERT-EU	a year ago	CVE-2022-46169 : Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management fram
CERT-EU	a year ago	NVD - CVE-2022-46169
CERT-EU	2 years ago	CISA warns of Windows and iOS bugs exploited as zero-days
Securityaffairs	2 years ago	CISA adds Cacti, Office, Windows and iOS bugs to its Known Exploited Vulnerabilities Catalog
Fortinet	2 years ago	Moobot Strikes Again - Targeting Cacti And RealTek Vulnerabilities \| FortiGuard Labs
CERT-EU	2 years ago	Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation
Securityaffairs	2 years ago	Moobot botnet spreads by targeting Cacti and RealTek flaws
CERT-EU	2 years ago	Impact of 3CX supply chain attack still examined as company admits gaps
CERT-EU	2 years ago	Malware botnets spread through Cacti, Realtek flaws
CERT-EU	2 years ago	AudienceView cyberattack impacts US, Canadian colleges, universities
Unit42	2 years ago	Network Security Trends: November 2022-January 2023