Overview
- Description
- Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through <=777.4
- Source
- security@pandorafms.com
- NVD status
- Analyzed
Risk scores
CVSS 4.0
- Type
- Secondary
- Base score
- 6.9
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:U/V:C/RE:M/U:Amber
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Social media
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
GitHub - mhaskar/CVE-2024-11320: Exploit for Pandora FMS Remote Code Execution CVE-2024-11320 https://t.co/yejaCWtArJ
@akaclandestine
3 Dec 2024
917 Impressions
4 Retweets
12 Likes
6 Bookmarks
0 Replies
0 Quotes
CVE-2024-11320 alert 🚨 PANDORA FMS : critical remote code execution This vulnerability is a command injection in the LDAP authentication mechanism. This issue affects Pandora FMS from 700 through <=777.4. Find out more here : https://t.co/3QYB007wXX #CyberSec #PandoraFMS
@Patrowl_io
3 Dec 2024
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Exploit for Pandora FMS Remote Code Execution CVE-2024-11320 https://t.co/uWYA9Z4YVD https://t.co/epLc4cLhJo
@cyberkendra
2 Dec 2024
56 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
GitHub - mhaskar/CVE-2024-11320: Exploit for Pandora FMS Remote Code Execution CVE-2024-11320 - https://t.co/6cQrlSHsfQ
@piedpiper1616
1 Dec 2024
686 Impressions
4 Retweets
11 Likes
5 Bookmarks
0 Replies
0 Quotes
I've published the exploit code for CVE-2024-11320, a PandoraFMS Remote Code Execution vulnerability, after the vendors addressed the issue in version 777.5 and assigned the CVE. Technical analysis of the bug may be out soon. https://t.co/cfbCGtDmDH #offsec #pentesting… https:
@mhaskar01
1 Dec 2024
4891 Impressions
2 Retweets
18 Likes
2 Bookmarks
2 Replies
2 Quotes
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "300E3447-6027-4041-B773-5E6E49F79040",
"versionEndExcluding": "777.5",
"versionStartIncluding": "700"
}
],
"operator": "OR"
}
]
}
]