Remote Code Execution Vulnerability in EyesOfNetwork's Mail Options Configuration

CVE-2021-40643 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. The field that sets the location of the "sendmail" application on the "cacti" configuration page (by default `/usr/sbin/sendmail`) accepts any command, and that command is executed when a test of the configuration is run ("send test mail").
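The class of fix this calls for, as an added example that is not EyesOfNetwork or Cacti code: treat the setting as a single allowlisted path rather than a command line, and run it without a shell. The allowlist contents and all function names here are assumptions made for illustration.

```python
import os
import re
import subprocess

# Assumption: the only binary an operator may configure as the mail transport.
ALLOWED_MAILERS = frozenset({"/usr/sbin/sendmail"})
# A path setting holds one absolute path: no spaces, quotes or shell metacharacters.
_PATH_RE = re.compile(r"/[A-Za-z0-9._+/-]+")


def validate_mailer_path(value, allowed=ALLOWED_MAILERS):
    """Return `value` if it is an allowlisted, executable absolute path; else raise ValueError."""
    if not isinstance(value, str) or not _PATH_RE.fullmatch(value):
        raise ValueError("setting is not a plain absolute path")
    if os.path.normpath(value) != value:
        raise ValueError("path is not in canonical form")
    if value not in allowed:
        raise ValueError("binary is not on the mailer allowlist")
    if not (os.path.isfile(value) and os.access(value, os.X_OK)):
        raise ValueError("binary is missing or not executable")
    return value


def mailer_argv(value, allowed=ALLOWED_MAILERS):
    """Build the argument vector for the test mail; the setting is only ever argv[0]."""
    # -t: take recipients from the message headers; -i: a lone "." does not end the input.
    return [validate_mailer_path(value, allowed), "-t", "-i"]


def send_test_mail(value, message, allowed=ALLOWED_MAILERS):
    """Run the mailer without a shell, feeding the message (bytes) on stdin."""
    result = subprocess.run(mailer_argv(value, allowed), input=message,
                            shell=False, timeout=30, check=False)
    return result.returncode


def check_setting(value, allowed=ALLOWED_MAILERS):
    """Return (accepted, reason) for a submitted setting, for use in a save handler."""
    try:
        validate_mailer_path(value, allowed)
        return True, "ok"
    except ValueError as exc:
        return False, str(exc)
```

Calling `check_setting` when the form is saved and `mailer_argv` again when the test mail is sent means a value changed directly in the database is still rejected before execution.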
