Misassignment of privileges can cause DOS attack
CVE-2023-41806

7.5HIGH

Key Information:

Vendor: Pandora FMS
Status: Pandora FMS
Vendor: CVE Published:; 23 November 2023

🔔 Create Pandora FMS Vulnerability Alert

What is CVE-2023-41806?

An improper privilege management vulnerability exists within Pandora FMS, allowing unauthorized privilege escalation. This issue can potentially lead to a denial of service (DOS) attack, affecting the availability of the Pandora FMS server. The vulnerability has been observed across all versions from 700 to 773, necessitating immediate attention and mitigation strategies to protect sensitive data and maintain system integrity.

Affected Version(s)

Pandora FMS all 700 <= 773

References

https://pandorafms.com/en/security/common-vulnerabilities...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 23, 2023
Vulnerability Reserved
Sep 1, 2023

Credit

Oliver Brooks <[email protected]>