CVE-2024-11320

Published Nov 21, 2024

Last updated 3 months ago

Overview

Description
Arbitrary command execution on the server through a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS versions 700 through 777.4 (inclusive).
Source
security@pandorafms.com
NVD status
Analyzed

Risk scores

CVSS 4.0

Type
Secondary
Base score
6.9
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:U/V:C/RE:M/U:Amber
Severity
MEDIUM

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security@pandorafms.com
CWE-77
nvd@nist.gov
CWE-77

Social media

  1. I’ve published a new blog post featuring a technical analysis of CVE-2024-11320 a Remote Code Execution vulnerability in PandoraFMS. This is the first post in a two-part series. In this part, I focus on a manual approach to analyzing the bug, while the second part will… https://

    @mhaskar01

    5 Jan 2025


  2. GitHub - mhaskar/CVE-2024-11320: Exploit for Pandora FMS Remote Code Execution CVE-2024-11320 https://t.co/yejaCWtArJ

    @akaclandestine

    3 Dec 2024


  3. CVE-2024-11320 alert 🚨 PANDORA FMS : critical remote code execution This vulnerability is a command injection in the LDAP authentication mechanism. This issue affects Pandora FMS from 700 through <=777.4. Find out more here : https://t.co/3QYB007wXX #CyberSec #PandoraFMS

    @Patrowl_io

    3 Dec 2024


  4. Exploit for Pandora FMS Remote Code Execution CVE-2024-11320 https://t.co/uWYA9Z4YVD https://t.co/epLc4cLhJo

    @cyberkendra

    2 Dec 2024


  5. GitHub - mhaskar/CVE-2024-11320: Exploit for Pandora FMS Remote Code Execution CVE-2024-11320 - https://t.co/6cQrlSHsfQ

    @piedpiper1616

    1 Dec 2024


  6. I've published the exploit code for CVE-2024-11320, a PandoraFMS Remote Code Execution vulnerability, after the vendors addressed the issue in version 777.5 and assigned the CVE. Technical analysis of the bug may be out soon. https://t.co/cfbCGtDmDH #offsec #pentesting… https:

    @mhaskar01

    1 Dec 2024


Configurations