Threat actors have been actively exploiting an already addressed critical vulnerability in the Cacti device monitoring tool, tracked as CVE-2022-46169, to deliver the Mirai malware and a Perl-based IRC botnet that resulted in the opening of a host-based reverse shell, according to BleepingComputer.
Fewer than two dozen attacks have so far leveraged CVE-2022-46169, with an increase observed during the past week, a report from Censys revealed.
"Censys has observed 6,427 hosts on the internet running a version of Cacti. Unfortunately, we can only see the exact running software version when a specific theme (sunrise) is enabled on the web application," said Censys, which noted that 1,637 internet-connected Cacti hosts continue to be vulnerable to the critical flaw, more than 25% of which were running on a version of the monitoring tool released in April 2021.
The report also showed that only 26 of all Cacti hosts with a determinable version number were on an updated release with CVE-2022-46169 protections.