Lucene search

[email protected]CVE-2024-35306

HistoryJun 10, 2024 - 3:15 p.m.

CVE-2024-35306

2024-06-1015:15:51

CWE-78

[email protected]

web.nvd.nist.gov

cve-2024-35306

http request

system commands

variables

pandora fms

8.7 High

CVSS4

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/SC:H/VI:H/SI:H/VA:L/SA:L/AU:Y/U:Red/R:U/RE:L

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.8%

JSON

OS Command injection in Ajax PHP files via HTTP Request, allows to execute system commands by exploiting variables. This issue affects Pandora FMS: from 700 through <777.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "all"
    ],
    "product": "Pandora FMS",
    "vendor": "Pandora FMS",
    "versions": [
      {
        "lessThan": "777",
        "status": "affected",
        "version": "700",
        "versionType": "custom"
      }
    ]
  }
]

References

pandorafms.com/en/security/common-vulnerabilities-and-exposures/

8.7 High

CVSS4

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

CVSS:4.0/AV:A/AC:H/AT:N/PR:H/UI:N/VC:H/SC:H/VI:H/SI:H/VA:L/SA:L/AU:Y/U:Red/R:U/RE:L

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.8%

JSON

Related for CVE-2024-35306

nvd1 cvelist1 vulnrichment1