Lucene search

[email protected]CVE-2023-24517

HistoryAug 22, 2023 - 7:16 p.m.

CVE-2023-24517

2023-08-2219:16:34

CWE-434

[email protected]

web.nvd.nist.gov

cve-2023-24517

pandora fms

file manager

unrestricted upload

vulnerability

nvd

arbitrary command execution

system commands

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.9%

JSON

Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an attacker to make make use of this issue ( unrestricted file upload ) to execute arbitrary system commands. This issue affects Pandora FMS v767 version and prior versions on all platforms.

Affected configurations

Vulners

NVD

Node

pandorafmspandora_fmsRange≤v767

CPENameOperatorVersion
pandorafms:pandora_fmspandorafms pandora fmsle767

CPE	Name	Operator	Version
pandorafms:pandora_fms	pandorafms pandora fms	le	767

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "All"
    ],
    "product": "Pandora FMS",
    "vendor": "Artica PFMS",
    "versions": [
      {
        "lessThanOrEqual": "v767",
        "status": "affected",
        "version": "v0",
        "versionType": "custom"
      }
    ]
  }
]

References

gist.github.com/Argonx21/9ab62f6e5d8bc6d39b8a338426af121e

pandorafms.com/en/security/common-vulnerabilities-and-exposures/

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.9%

JSON

Related for CVE-2023-24517

prion1 cvelist1 nvd1