CVE-2021-40643: EyesOfNetwork - Information system supervision solution
EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. The field holding the location of the “sendmail” application on the “cacti” configuration page (by default /usr/sbin/sendmail) accepts any command, and that command is executed when the configuration is tested (“send test mail”).
A vulnerability has been detected in the EyesOfNetwork solution.
This vulnerability allows an attacker to obtain a shell with root rights on an instance of EON without prior information or login.
A patch was released Thursday, July 1, then packaged, and is now available on the EyesOfNetwork repositories [5.3].
The patch is applied by executing the following command:
yum update cacti0
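
To check an instance for a tampered “sendmail” location of the kind described above, the following added example (not EyesOfNetwork or Cacti code) classifies a configured value as a plain absolute path or as suspicious. The function names and sample values are constructed for illustration, and the check is deliberately strict, so it also flags paths that contain spaces or arguments.

```shell
#!/bin/sh
# Added example: audit the value configured as the "sendmail" location.
# Assumption: the value has been copied from the mail options page or
# exported by the administrator; this script does not read it itself.
LC_ALL=C; export LC_ALL   # byte-wise character ranges in the patterns below

# classify_sendmail_path VALUE
# Prints "ok" (exit 0) or "suspicious: <reason>" (exit 1).
classify_sendmail_path() {
    value=$1
    if [ -z "$value" ]; then
        echo "suspicious: empty value"; return 1
    fi
    case $value in
        /*) ;;
        *) echo "suspicious: not an absolute path"; return 1 ;;
    esac
    # Spaces, quotes, ';', '|', '&', '$', backticks, newlines ... all end up here.
    case $value in
        *[!A-Za-z0-9_./-]*)
            echo "suspicious: characters other than A-Z a-z 0-9 _ . / -"; return 1 ;;
    esac
    case $value in
        */../*|*/..)
            echo "suspicious: '..' path component"; return 1 ;;
    esac
    echo "ok"
}

# audit_values: read one value per line on stdin, print "verdict<TAB>value".
# Exit status is 1 if at least one value was flagged.
audit_values() {
    flagged=0
    while IFS= read -r line; do
        verdict=$(classify_sendmail_path "$line") || flagged=1
        printf '%s\t%s\n' "$verdict" "$line"
    done
    return "$flagged"
}

# Constructed sample values, not taken from a real instance.
audit_values <<'EOF' || true
/usr/sbin/sendmail
/usr/sbin/sendmail;id
/usr/sbin/sendmail -t
sendmail
EOF
```

A flagged value on an instance that has not yet received the update is a reason to review the host, since the configured command runs each time “send test mail” is used.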