Cyber Resilience

CVE-2024-54145

Medium · Public PoC

Published: 27 January 2025

Modified: 03 November 2025
KEV Added:
Patch:
CVSS Score (v3.1): 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0018 (39.4th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-54145 is a medium-severity SQL injection (CWE-89) vulnerability in Cacti (vendor: Cacti). Its CVSS v3.1 base score is 6.3 (Medium).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 39.4th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-54145 is a SQL injection vulnerability (CWE-89) in Cacti, an open source performance and fault management framework. The flaw is in the get_discovery_results function in automation_devices.php, where the network parameter is not properly sanitized before it is used in a SQL query, allowing an attacker to inject arbitrary SQL. Published on 2025-01-27, it carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and was fixed in Cacti version 1.2.29.

An attacker requires low privileges, such as those of an authenticated user, to exploit this over the network with low complexity and no user interaction. Successful exploitation enables limited impacts: partial disclosure of sensitive data (low confidentiality), modification of underlying data (low integrity), and limited denial of service (low availability) through arbitrary SQL execution.

Mitigation is available via upgrade to Cacti 1.2.29, as detailed in the fixing commit at https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0 and the GitHub Security Advisory GHSA-fh3x-69rr-qqpp at https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp. Debian LTS users should refer to the announcement at https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html for package-specific patches and guidance.
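The defect class described above (a request parameter concatenated into SQL) and the SI-10 style fix (validate the value's shape, then bind it as a query parameter) are shown below as an added PHP example. This is not Cacti's code and not the fixing commit: the discovery_results table, its columns, and the two get_discovery_results_* function names are hypothetical, and an in-memory SQLite database stands in for the real schema so the script runs offline.

```php
<?php
// Added example, not Cacti's code. Table and column names are hypothetical;
// SQLite in memory replaces the real database so this runs stand-alone.
declare(strict_types=1);

// Constructed sample data standing in for discovery results.
function build_sample_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE discovery_results (id INTEGER PRIMARY KEY, network TEXT, hostname TEXT)');
    $ins = $db->prepare('INSERT INTO discovery_results (network, hostname) VALUES (?, ?)');
    foreach ([['10.0.0.0/24', 'host-a'], ['10.0.0.0/24', 'host-b'], ['192.168.1.0/24', 'host-c']] as $row) {
        $ins->execute($row);
    }
    return $db;
}

// VULNERABLE pattern (CWE-89): the request value becomes part of the SQL text,
// so any quote in it changes the query structure instead of the data.
function get_discovery_results_unsafe(PDO $db, string $network): array {
    $sql = "SELECT hostname FROM discovery_results WHERE network = '" . $network . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// HARDENED: allowlist validation of the expected shape (an IPv4 CIDR) ...
function is_valid_network(string $network): bool {
    if (!preg_match('~^([0-9.]+)/([0-9]{1,2})$~', $network, $m)) {
        return false;
    }
    if (filter_var($m[1], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return false;
    }
    $prefix = (int) $m[2];
    return $prefix >= 0 && $prefix <= 32;
}

// ... followed by a prepared statement, so the value can never be parsed as SQL.
function get_discovery_results_safe(PDO $db, string $network): array {
    if (!is_valid_network($network)) {
        throw new InvalidArgumentException('network must be an IPv4 CIDR such as 10.0.0.0/24');
    }
    $stmt = $db->prepare('SELECT hostname FROM discovery_results WHERE network = :network');
    $stmt->execute([':network' => $network]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Demonstration with a constructed tautology value against the in-memory table.
$db = build_sample_db();
$tainted = "x' OR '1'='1";

// Unsafe path: the WHERE clause collapses to "always true" and every row is returned.
echo 'unsafe: ' . count(get_discovery_results_unsafe($db, $tainted)) . " rows returned\n";

// Safe path: the same value fails validation before any SQL is built.
try {
    get_discovery_results_safe($db, $tainted);
} catch (InvalidArgumentException $e) {
    echo 'safe: rejected (' . $e->getMessage() . ")\n";
}

// Safe path with a legitimate value: only the matching network's hosts.
echo 'safe: ' . implode(',', get_discovery_results_safe($db, '10.0.0.0/24')) . "\n";
```

Both halves of the fix matter: the prepared statement is what actually removes the injection, while the shape check turns an unexpected value into a logged validation failure instead of a silently empty result, which is what a detection rule on application logs can key on.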

EU & UK References

Vulnerability details

Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1213.006 Databases (Collection)
Adversaries may leverage databases to mine valuable information.
Why these techniques?

A SQL injection in the network-accessible Cacti web application directly enables T1190 exploitation for initial or post-authentication access; arbitrary SQL execution in turn facilitates T1213.006, access to and modification of database contents.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-26520 · Same product: Cacti Cacti
CVE-2024-54146 · Same product: Cacti Cacti
CVE-2025-24368 · Same product: Cacti Cacti
CVE-2025-22604 · Same product: Cacti Cacti
CVE-2025-24367 · Same product: Cacti Cacti
CVE-2025-66399 · Same product: Cacti Cacti
CVE-2005-10004 · Same product: Cacti Cacti
CVE-2019-25537 · Shared CWE-89
CVE-2019-25366 · Shared CWE-89
CVE-2019-25496 · Shared CWE-89

Affected Assets

cacti
cacti
≤ 1.2.29

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

SI-10 (Information Input Validation) · prevent

Directly prevents SQL injection attacks like CVE-2024-54145 by enforcing validation of untrusted inputs such as the unsanitized 'network' parameter in automation_devices.php.

prevent

Requires timely identification, reporting, and patching of flaws like this SQL injection vulnerability, as fixed in Cacti 1.2.29.

RA-5 (Vulnerability Monitoring and Scanning) · detect

Enables proactive detection of SQL injection vulnerabilities like CVE-2024-54145 through regular automated scanning and risk-based remediation.

References