Lucene search

[email protected]CVE-2020-13852

HistoryJun 11, 2020 - 3:15 a.m.

CVE-2020-13852

2020-06-1103:15:00

CWE-434

[email protected]

web.nvd.nist.gov

cve-2020

artica

pandora fms

file upload

remote command execution

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.902 High

EPSS

Percentile

98.8%

JSON

Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature.

CPENameOperatorVersion
pandorafms:pandora_fmspandorafms pandora fmseq7.44

CPE	Name	Operator	Version
pandorafms:pandora_fms	pandorafms pandora fms	eq	7.44

References

www.coresecurity.com/advisories

www.coresecurity.com/core-labs/advisories/pandora-fms-community-multiple-vulnerabilities

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.902 High

EPSS

Percentile

98.8%

JSON

Related for CVE-2020-13852

prion1 checkpoint_advisories1 coresecurity1