What is the severity of CVE-2023-30534?

CVE-2023-30534 has a MEDIUM severity rating with a CVSS score of 4.3. The EPSS (Exploit Prediction Scoring System) score is 0.38717, indicating a 38.7% probability of exploitation in the wild within 30 days.

Are there exploits available for CVE-2023-30534?

Yes, there is 1 exploit template available for CVE-2023-30534. These can be used for security testing and validation. The primary exploit template is Cacti < 1.2.25 Insecure Deserialization.

When was CVE-2023-30534 published?

CVE-2023-30534 was published on September 5, 2023.

CVE-2023-30534

Q: When was CVE-2023-30534 published?

CVE-2023-30534 was published on September 5, 2023.

MEDIUM

Published 2023-09-05T21:21:30.257Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-30534. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

4.3

/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14

0.387

probability

of exploitation in the wild

There is a 38.7% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25

Exploit Probability

Percentile: 0.971

Higher than 97.1% of all CVEs

Attack Vector Metrics

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Impact Metrics

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Description

Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti’s vendor directory (phpseclib), the necessary gadgets are not included, making them inaccessible and the insecure deserializations not exploitable. Each instance of insecure deserialization is due to using the unserialize function without sanitizing the user input. Cacti has a “safe” deserialization that attempts to sanitize the content and check for specific values before calling unserialize, but it isn’t used in these instances. The vulnerable code lies in graphs_new.php, specifically within the host_new_graphs_save function. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Understanding This Vulnerability

This Common Vulnerabilities and Exposures (CVE) entry provides detailed information about a security vulnerability that has been publicly disclosed. CVEs are standardized identifiers assigned by MITRE Corporation to track and catalog security vulnerabilities across software and hardware products.

The severity rating (MEDIUM) indicates the potential impact of this vulnerability based on the CVSS (Common Vulnerability Scoring System) framework. Higher severity ratings typically indicate vulnerabilities that could lead to more significant security breaches if exploited. Security teams should prioritize remediation efforts based on severity, exploit availability, and the EPSS (Exploit Prediction Scoring System) score, which predicts the likelihood of exploitation in the wild.

If this vulnerability affects products or systems in your infrastructure, we recommend reviewing the affected products section, checking for available patches or updates from vendors, and implementing recommended workarounds or solutions until a permanent fix is available. Organizations should also monitor security advisories and threat intelligence feeds for updates about active exploitation of this vulnerability.

Available Exploits

Cacti < 1.2.25 Insecure Deserialization

Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24.

ID: CVE-2023-30534

Author: k0pak4 Medium