From the webpage screenshot, the following key information can be extracted:

### Key Information

- **Vulnerability Identifier**:
  - CVE-2019-17358
- **Release Date**:
  - December 12, 2019
- **Last Updated Date**:
  - August 18, 2025
- **Ubuntu Priority**:
  - Medium
- **CVSS v3 Vulnerability Severity Score**:
  - 8.1 - High
- **Description**:
  - Cacti versions 1.2.7 and earlier are affected by insecure deserialization of user-controlled data in the `lib/functions.php` file, which can impact Cacti object data values and control operations, or potentially cause memory corruption within PHP modules.
- **Status**:
  - Affected Ubuntu versions:
    - 18.04 LTS (bionic) - Vulnerable
    - 16.04 LTS (xenial) - Vulnerable
  - Other versions are either unaffected or have been patched.
- **Fix Details**:
  - Version 14.04 LTS (trusty) has been patched to 0.8.8b+dfsg-5ubuntu0.2+esm1.
- **Additional Security Coverage**:
  - Mentions extended vulnerability patching timelines and security maintenance support provided via Ubuntu Pro.
- **CVSS v3 Score Breakdown**:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Impact (Confidentiality, Integrity, Availability): All High
- **Reference Links**:
  - References to Cacti project's GitHub issues and commits, as well as links to the CVE record website.

### Core Conclusion

In short, this vulnerability arises from insecure deserialization in the Cacti application, allowing attackers to exploit it remotely over the network. The vulnerability remains unpatched in certain Ubuntu versions.