CVE-2024-11320

Nov. 21, 2024, 1:57 p.m.

Product(s) Impacted

Pandora FMS

  • 700.0
  • 700.1
  • 777.0
  • 777.1
  • 777.2
  • 777.3
  • 777.4

Description

Arbitrary command execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS from 700 through 777.4.

Weaknesses

CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

CWE ID: 77

Date

Published: Nov. 21, 2024, 11:15 a.m.

Last Modified: Nov. 21, 2024, 1:57 p.m.

Status: Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

Source

security@pandorafms.com

References

https://pandorafms.com/ (source: security@pandorafms.com)