CVE-2024-29895

CVE-2024-29895 is a critical-severity vulnerability with a CVSS 3.x base score of 10.0. Its EPSS exploit-prediction score of 94% places it in the 100th percentile, indicating an elevated likelihood of exploitation. The underlying weakness is classified as CWE-77.

Key facts

Description

Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php` line 119, the `$poller_id` used as part of the command execution is sourced from `$_SERVER['argv']`, which can be controlled by URL when `register_argc_argv` option of PHP is `On`. And this option is `On` by default in many environments such as the main PHP Docker image for PHP. Commit 53e8014d1f082034e0646edc6286cde3800c683d contains a patch for the issue, but this commit was reverted in commit 99633903cad0de5ace636249de16f77e57a3c8fc.

Frequently asked questions

What is CVE-2024-29895?
Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php` line 119, the `$poller_id` used as part of the command execution is sourced from `$_SERVER['argv']`, which can be controlled by URL when `register_argc_argv` option of PHP is `On`. And this option is `On` by default in many environments such as the main PHP Docker image for PHP. Commit 53e8014d1f082034e0646edc6286cde3800c683d contains a patch for the issue, but this commit was reverted in commit 99633903cad0de5ace636249de16f77e57a3c8fc.
How severe is CVE-2024-29895?
CVE-2024-29895 has a CVSS 3.x base score of 10.0, rated critical severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
Is CVE-2024-29895 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 94% (100th percentile), an estimate of the probability of exploitation in the next 30 days.
How do I fix CVE-2024-29895?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
Does CVE-2024-29895 have an EU (EUVD) identifier?
Yes. CVE-2024-29895 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2024-26876.
When was CVE-2024-29895 published?
CVE-2024-29895 was published on 2024-05-14 and last updated on 2026-06-17.

References

Other CWE-77 (Command Injection) vulnerabilities

Browse all CWE-77 (Command Injection) vulnerabilities →