Misassignment of privileges can cause DOS attack
CVE-2023-41806

7.5HIGH

Key Information:

Vendor

Pandora FMS

Status
Pandora FMS
Vendor
CVE Published:
23 November 2023

What is CVE-2023-41806?

An improper privilege management vulnerability exists within Pandora FMS, allowing unauthorized privilege escalation. This issue can potentially lead to a denial of service (DOS) attack, affecting the availability of the Pandora FMS server. The vulnerability has been observed across all versions from 700 to 773, necessitating immediate attention and mitigation strategies to protect sensitive data and maintain system integrity.

Affected Version(s)

Pandora FMS all 700 <= 773

References

https://pandorafms.com/en/security/common-vulnerabilities...
vendor-advisory

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Oliver Brooks <ollie.brooks@nccgroup.com>
.