Lucene search

[email protected]CVE-2020-13855

HistoryJun 11, 2020 - 3:15 a.m.

CVE-2020-13855

2020-06-1103:15:00

CWE-434

[email protected]

web.nvd.nist.gov

artica pandora fms

7.44

arbitrary file upload

remote command execution

nvd

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.902 High

EPSS

Percentile

98.8%

JSON

Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature.

CPENameOperatorVersion
pandorafms:pandora_fmspandorafms pandora fmseq7.44

CPE	Name	Operator	Version
pandorafms:pandora_fms	pandorafms pandora fms	eq	7.44

References

www.coresecurity.com/advisories

www.coresecurity.com/core-labs/advisories/pandora-fms-community-multiple-vulnerabilities

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.902 High

EPSS

Percentile

98.8%

JSON

Related for CVE-2020-13855

prion1 checkpoint_advisories1 coresecurity1