{"id":161663,"date":"2023-04-07T02:23:13","date_gmt":"2023-04-07T07:23:13","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2023\/04\/cacti-realtek-and-ibm-aspera-faspex-vulnerabilities-under-active-exploitation"},"modified":"2023-04-07T02:23:13","modified_gmt":"2023-04-07T07:23:13","slug":"cacti-realtek-and-ibm-aspera-faspex-vulnerabilities-under-active-exploitation","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2023\/04\/cacti-realtek-and-ibm-aspera-faspex-vulnerabilities-under-active-exploitation","title":{"rendered":"Cacti, Realtek, and IBM Aspera Faspex Vulnerabilities Under Active Exploitation"},"content":{"rendered":"

<\/a><\/p>\n

Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by various threat actors in hacks targeting unpatched systems.<\/p>\n

This entails the abuse of CVE-2022\u201346169<\/a> (CVSS score: 9.8) and CVE-2021\u201335394<\/a> (CVSS score: 9.8) to deliver MooBot<\/a> and ShellBot<\/a> (aka PerlBot), Fortinet FortiGuard Labs said<\/a> in a report published this week.<\/p>\n

CVE-2022\u201346169<\/a> relates to a critical authentication bypass and command injection flaw in Cacti servers that allows an unauthenticated user to execute arbitrary code. CVE-2021\u201335394<\/a> also concerns an arbitrary command injection vulnerability impacting the Realtek Jungle SDK that was patched in 2021.<\/p>\n","protected":false},"excerpt":{"rendered":"

Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by various threat actors in hacks targeting unpatched systems. This entails the abuse of CVE-2022\u201346169 (CVSS score: 9.8) and CVE-2021\u201335394 (CVSS score: 9.8) to deliver MooBot and ShellBot (aka PerlBot), Fortinet FortiGuard Labs said in a report published this week. CVE-2022\u201346169 relates [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-161663","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/161663","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=161663"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/161663\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=161663"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=161663"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=161663"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}