Cyber Posture

CVE-2024-54145

Severity: Medium · Public PoC

Published: 27 January 2025
Modified: 03 November 2025
KEV Added: not listed (not in the CISA KEV catalog)
Patch: available (fixed in Cacti 1.2.29)
CVSS Score: 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0019 (39.8th percentile)
Risk Priority: 13 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-54145 is a medium-severity SQL Injection (CWE-89) vulnerability in Cacti, the open source performance and fault management framework. Its CVSS v3.1 base score is 6.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 39.8th percentile by exploit likelihood (below the median). It is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and one other technique, Databases (T1213.006). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)

Directly reduces exposure to SQL injection attacks like CVE-2024-54145 by enforcing validation of untrusted inputs such as the unsanitized 'network' parameter in automation_devices.php. Validation is a defense in depth here; the durable fix is to keep untrusted values out of SQL text altogether by binding them as query parameters.

Flaw remediation (prevent)

Requires timely identification, reporting, and patching of flaws like this SQL injection vulnerability, as fixed in Cacti 1.2.29.

RA-5 Vulnerability Monitoring and Scanning (detect)

Enables proactive detection of SQL injection vulnerabilities like CVE-2024-54145 through regular automated scanning and risk-based remediation.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1213.006 Databases (Collection)
Adversaries may leverage databases to mine valuable information.

Why these techniques?

SQL injection in the network-accessible Cacti web application maps directly to T1190. Note that the CVSS vector requires low privileges (PR:L), so in practice this is post-authentication exploitation by, or with the credentials of, an existing Cacti user rather than unauthenticated initial access. Arbitrary SQL execution against the backing database maps to T1213.006 (database data access and modification).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1
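As an added example of what a defender can deploy against T1190 attempts on this endpoint (this is not Cacti's, NVD's or any vendor's detection content), the script below scans constructed Apache-style access-log lines and flags requests to automation_devices.php whose decoded network parameter carries SQL syntax. The log lines, the path prefix /cacti/, the indicator regex and the field names are assumptions chosen for illustration, not observed exploitation data.

```python
"""Flag SQL-injection attempts against the 'network' parameter of automation_devices.php.

Added detection sketch for this page; not Cacti's, NVD's or any vendor's content.
The access-log lines are constructed (Apache combined-log style) and the
indicator regex is a deliberately narrow heuristic chosen for illustration.
"""
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

# Constructed sample: two legitimate requests and two injection probes.
SAMPLE_LOG = """\
203.0.113.7 - admin [28/Jan/2025:10:01:02 +0000] "GET /cacti/automation_devices.php?network=10.0.0.0%2F24 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - admin [28/Jan/2025:10:01:09 +0000] "GET /cacti/automation_devices.php?network=10.0.0.0%2F24%27+UNION+SELECT+1%2C2+--+ HTTP/1.1" 200 6210 "-" "Mozilla/5.0"
198.51.100.4 - guest [28/Jan/2025:10:02:15 +0000] "GET /cacti/automation_devices.php?network=1%27+AND+SLEEP%285%29--+ HTTP/1.1" 200 5123 "-" "python-requests/2.31"
198.51.100.4 - guest [28/Jan/2025:10:03:00 +0000] "GET /cacti/graph_view.php?action=tree HTTP/1.1" 200 9001 "-" "python-requests/2.31"
"""

# Common-log prefix: client, ident, user, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# A value that is supposed to be an address or CIDR has no business containing
# quotes, SQL keywords, comment markers or statement separators.
SQLI_RE = re.compile(
    r"(?i)(?:'|\"|--|/\*|;|\bunion\b|\bselect\b|\bsleep\s*\(|\bbenchmark\s*\()"
)


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Split one access-log line into fields plus decoded query parameters."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec: Dict[str, object] = m.groupdict()
    url = urlsplit(str(rec["target"]))
    rec["path"] = url.path
    # parse_qs percent-decodes and turns '+' into spaces, the same view the
    # PHP side gets, so indicators hidden by URL encoding are still visible here.
    rec["params"] = {k: v[0] for k, v in parse_qs(url.query).items()}
    return rec


def find_alerts(log_text: str) -> List[Dict[str, str]]:
    """Return one alert per request carrying SQL syntax in the network parameter."""
    alerts: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not str(rec["path"]).endswith("/automation_devices.php"):
            continue
        params = rec["params"]
        assert isinstance(params, dict)
        network = params.get("network")
        if network is None:
            continue
        hit = SQLI_RE.search(network)
        if hit:
            alerts.append({
                "ip": str(rec["ip"]),
                "user": str(rec["user"]),
                "ts": str(rec["ts"]),
                "indicator": hit.group(0),
                "network": network,
                "technique": "T1190",
            })
    return alerts


if __name__ == "__main__":
    for a in find_alerts(SAMPLE_LOG):
        print(f"{a['ts']} {a['ip']} user={a['user']} "
              f"indicator={a['indicator']!r} network={a['network']!r}")
```

The heuristic is intentionally strict about the shape of the value rather than trying to enumerate every injection pattern: for a parameter that should only ever hold an address or CIDR, any quote, comment marker or SQL keyword is already anomalous, which keeps false positives low on this one endpoint. Because the CVSS vector requires an authenticated user, the `user` field on each alert is the pivot a responder wants first.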

NVD Description

Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29.

Deeper analysis

CVE-2024-54145 is a SQL injection vulnerability (CWE-89) in Cacti, an open source performance and fault management framework. The flaw exists in the get_discovery_results function within automation_devices.php, where the network parameter is not properly sanitized, allowing injection of malicious SQL queries. Published on 2025-01-27, it carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and was fixed in Cacti version 1.2.29.

An attacker requires low privileges, such as those of an authenticated user, to exploit this over the network with low complexity and no user interaction. Successful exploitation enables limited impacts: partial disclosure of sensitive data (low confidentiality), modification of underlying data (low integrity), and limited denial of service (low availability) through arbitrary SQL execution.

Mitigation is to upgrade to Cacti 1.2.29 or later. The fixing commit is at https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0 and the GitHub Security Advisory GHSA-fh3x-69rr-qqpp is at https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp. Debian LTS users should refer to the announcement at https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html for package-specific patches and guidance.
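To make the mechanism and the fix concrete, here is an added illustrative example. It is not Cacti's code and does not reproduce the real get_discovery_results() logic or the contents of the fixing commit: the discovery_results table, its columns (including the snmp_community column used to show data disclosure), the sample rows, the function names and the assumption that the network filter is a CIDR or IP string are all constructed for this demonstration. The block runs a deliberately vulnerable query beside a hardened one against an in-memory SQLite database so the injection and its remedy can be seen side by side.

```python
"""Vulnerable vs. hardened handling of a user-supplied 'network' query parameter.

Illustrative example written for this page; it is NOT Cacti's code and does
not reproduce the actual get_discovery_results() logic. The table layout,
column names and sample rows are constructed for the demonstration.
"""
import ipaddress
import sqlite3
from typing import Dict, List, Tuple


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with a constructed discovery-results table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE discovery_results (
            network        TEXT NOT NULL,
            ip             TEXT NOT NULL,
            hostname       TEXT,
            snmp_community TEXT   -- constructed sensitive column an attacker would target
        );
        INSERT INTO discovery_results VALUES
            ('10.0.0.0/24',    '10.0.0.5',    'core-sw1', 'public'),
            ('10.0.0.0/24',    '10.0.0.9',    'core-sw2', 'public'),
            ('192.168.1.0/24', '192.168.1.2', 'lab-host', 's3cretC0mmunity');
        """
    )
    return conn


def get_discovery_results_vulnerable(conn: sqlite3.Connection, network: str) -> List[Tuple]:
    """Deliberately vulnerable: the user-controlled value is spliced into SQL text (CWE-89)."""
    sql = f"SELECT ip, hostname FROM discovery_results WHERE network = '{network}'"
    return conn.execute(sql).fetchall()


def is_valid_network(value: str) -> bool:
    """SI-10 style allow-list check: accept only a syntactically valid CIDR or single address.
    Assumption for this example: the 'network' filter is a CIDR/IP string."""
    try:
        ipaddress.ip_network(value, strict=False)
        return True
    except ValueError:
        return False


def get_discovery_results_hardened(conn: sqlite3.Connection, network: str) -> List[Tuple]:
    """Hardened: validate first, then bind the value so it is never parsed as SQL."""
    if not is_valid_network(network):
        raise ValueError(f"rejected network parameter: {network!r}")
    sql = "SELECT ip, hostname FROM discovery_results WHERE network = ? ORDER BY ip"
    return conn.execute(sql, (network,)).fetchall()


# Constructed injection payload: closes the string literal, appends a UNION that
# pulls the sensitive column out of every row, then comments out the trailing quote.
PAYLOAD = "x' UNION SELECT snmp_community, network FROM discovery_results -- "


def demo() -> Dict[str, object]:
    """Run the payload through both code paths and a legitimate value through the safe one."""
    conn = make_db()
    leaked = get_discovery_results_vulnerable(conn, PAYLOAD)   # community strings come back
    try:
        get_discovery_results_hardened(conn, PAYLOAD)
        blocked = False
    except ValueError:
        blocked = True                                           # rejected before any SQL runs
    legit = get_discovery_results_hardened(conn, "10.0.0.0/24")
    return {"leaked": leaked, "blocked": blocked, "legit": legit}


if __name__ == "__main__":
    result = demo()
    print("vulnerable path leaked:", result["leaked"])
    print("hardened path blocked payload:", result["blocked"])
    print("hardened path legitimate query:", result["legit"])
```

The two-layer structure matters: the parameter binding is what actually removes the CWE-89 condition (even a value that passes validation is never interpreted as SQL), while the allow-list check is the SI-10 control that rejects malformed input early and gives a clean audit event. Dropping either layer in a real codebase leaves the CVSS C:L/I:L/A:L impacts described above reachable by any authenticated user.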

Details

CWE(s)

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Affected Products

Cacti cacti, versions before 1.2.29 (fixed in 1.2.29)

CVEs Like This One

CVE-2024-54146 (same product: Cacti)
CVE-2025-26520 (same product: Cacti)
CVE-2025-24368 (same product: Cacti)
CVE-2025-22604 (same product: Cacti)
CVE-2025-24367 (same product: Cacti)
CVE-2025-66399 (same product: Cacti)
CVE-2005-10004 (same product: Cacti)
CVE-2026-23492 (shared CWE-89)
CVE-2019-25541 (shared CWE-89)
CVE-2025-25116 (shared CWE-89)
