Arbitrary Commands Execution Vulnerability in Pandora FMS due to LDAP Command Injection
CVE-2024-11320

9.8CRITICAL

Key Information:

Vendor: Pandora Fms
Status: Pandora Fms
Vendor: CVE Published:; 21 November 2024

🔔 Create Pandora Fms Vulnerability Alert

Badges

🥇 Trended No. 1📈 Trended📈 Score: 2,490👾 Exploit Exists🟡 Public PoC🟣 EPSS 92%

What is CVE-2024-11320?

CVE-2024-11320 is a significant vulnerability found in Pandora FMS, a software solution designed for IT monitoring and management. This vulnerability allows for arbitrary command execution on the server due to a command injection flaw in the LDAP authentication mechanism. Organizations utilizing affected versions of Pandora FMS could face severe risks, including unauthorized access to sensitive systems and potential damage to IT infrastructure, which could disrupt business operations and lead to data loss.

Technical Details

The vulnerability is identified as a command injection issue within the LDAP authentication process of Pandora FMS, affecting versions from 700 to 777.4. By exploiting this flaw, an attacker can inject arbitrary commands that the server could execute, effectively compromising the system's integrity. This vulnerability underscores the importance of proper input validation and robust security practices in IT management software.

Impact of the Vulnerability

Unauthorized Server Access: Exploiting this vulnerability allows attackers to execute arbitrary commands on the server, which means they can gain unauthorized access and control over the system. This can lead to further exploitation and manipulation of critical data.
Data Breach Potential: The capability for command execution poses a significant risk of data breaches, where sensitive organizational data can be stolen, modified, or destroyed, potentially leading to regulatory compliance issues and financial repercussions.
Operational Disruption: The exploitation of the vulnerability can lead to system downtime and disruption of business operations. In an age where IT infrastructure is crucial for service delivery, such incidents can have a detrimental impact on an organization’s ability to operate effectively.

Affected Version(s)

Pandora FMS all 700 <= 777.4

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2024-11320
Created by Rapid7

CVE-2024-11320
Created by mhaskar

References

https://pandorafms.com/en/security/common-vulnerabilities...

EPSS Score

92% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🥇
Vulnerability reached the number 1 worldwide trending spot
Dec 7, 2024
📈
Vulnerability started trending
Dec 6, 2024
🟡
Public PoC available
Dec 1, 2024
👾
Exploit known to exist
Dec 1, 2024
Vulnerability published
Nov 21, 2024
Vulnerability Reserved
Nov 18, 2024

Credit

Mohammad Askar <[email protected]>