8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
42.0%
Pandora FMS v7.0NG.760 and below allows an improper authorization in User
Management where any authenticated user with access to the User Management
module could create, modify or delete any user with full admin privilege.
The impact could lead to a vertical privilege escalation to access the
privileges of a higher-level user or typically an admin user.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | pandorafms-agent | < any | UNKNOWN |
ubuntu | 20.04 | noarch | pandorafms-agent | < any | UNKNOWN |
ubuntu | 22.04 | noarch | pandorafms-agent | < any | UNKNOWN |
ubuntu | 23.10 | noarch | pandorafms-agent | < any | UNKNOWN |
ubuntu | 16.04 | noarch | pandorafms-agent | < any | UNKNOWN |
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
42.0%