CVE-2022-46169

Vulnerability Profile Updated a month ago
Download STIX
Preview STIX
CVE-2022-46169 is a critical pre-authentication command injection vulnerability discovered in the Cacti network operations framework. This flaw, which existed in all versions of Cacti up to 1.2.22, could be exploited by threat actors to deliver malware, thereby compromising the security of systems using this software. The Cybersecurity and Infrastructure Security Agency (CISA) added this flaw to its catalog of known exploited vulnerabilities in February 2023, highlighting its significance and potential impact on cybersecurity. In April 2023, FortiGuard Labs researchers observed an active hacking campaign that was exploiting this vulnerability, along with another flaw in Realtek (CVE-2021-35394). The attackers were using these vulnerabilities to spread two types of malware: ShellBot and Moobot. ShellBot is known for targeting Linux SSH servers, while Moobot has been seen targeting D-Link devices. These malwares can cause significant damage and disruption by taking over the affected systems and integrating them into botnets. The exploitation of CVE-2022-46169 underscores the importance of timely patching and system updates. Organizations utilizing Cacti are urged to update their systems to the latest version to mitigate the risk associated with this vulnerability. Further, it is recommended to follow best cybersecurity practices such as regularly monitoring system logs, employing strong and unique passwords, and implementing multi-factor authentication where possible to enhance overall system security.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Fortiguard
Malware
Server
CISA
flaw
Nvd
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
ShellbotUnspecified
3
ShellBot is a malicious software (malware) that has been targeting poorly managed Linux SSH servers. The malware, which was detected in multiple variants, is primarily being used to carry out distributed denial-of-service (DDoS) attacks. ShellBot exploits the Cacti bug and uses it as a primary lever
MoobotUnspecified
3
Moobot is a notorious malware that has been active since at least 2016. This malicious software, designed to exploit and damage computer systems, infiltrates devices through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disr
PerlbotUnspecified
1
PerlBot, also known as ShellBot, is a harmful malware developed using the Perl programming language. This Distributed Denial of Service (DDoS) bot is designed to exploit poorly managed Linux SSH servers, primarily through dictionary attacks on weak SSH credentials. It uses the IRC protocol for Comma
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
CVE-2021-35394Unspecified
2
The CVE-2021-35394 vulnerability, a flaw in the software design or implementation of Realtek Jungle SDK, has seen significant exploitation by threat actors. From August to October 2022, the number of attacks attempting to exploit this remote code execution vulnerability accounted for more than 40% o
Source Document References
Information about the CVE-2022-46169 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
a year ago
Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation
Securityaffairs
a year ago
CISA adds Cacti, Office, Windows and iOS bugs to its Known Exploited Vulnerabilities Catalog
CERT-EU
a year ago
CISA warns of Windows and iOS bugs exploited as zero-days
CERT-EU
4 months ago
Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations
CERT-EU
a year ago
AudienceView cyberattack impacts US, Canadian colleges, universities
CERT-EU
a year ago
NVD - CVE-2022-46169
CERT-EU
a year ago
Malware botnets spread through Cacti, Realtek flaws
Securityaffairs
a year ago
Moobot botnet spreads by targeting Cacti and RealTek flaws
Unit42
a year ago
Network Security Trends: November 2022-January 2023
CERT-EU
a year ago
CVE-2022-46169 : Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management fram
Securityaffairs
4 months ago
US Gov dismantled the Moobot botnet controlled by Russia-linked APT28
CERT-EU
a year ago
Impact of 3CX supply chain attack still examined as company admits gaps
DARKReading
5 months ago
Cacti Monitoring Tool Spiked by Critical SQL Injection Vulnerability
Fortinet
a year ago
Moobot Strikes Again - Targeting Cacti And RealTek Vulnerabilities | FortiGuard Labs