2024-11-26
This article describes a vulnerability (CVE-2024-11320) in Pandora FMS versions 700 through 777.4. It allows attackers to execute arbitrary commands on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism.
Vulnerability :
Platform: Pandora FMS
Version: 700 through <= 777.4
Vulnerability: Command Injection (LDAP Authentication)
Severity: MEDIUM
Date: November 21, 2024 (Published), November 26, 2024 (Last Modified)
What Undercode Says:
This vulnerability allows attackers to take control of your Pandora FMS server. It’s critical to update to a patched version as soon as possible.
Here are some additional details not mentioned in the summary:
The National Vulnerability Database (NVD) assigned a CVSS v4.0 base score of 6.9 (MEDIUM) to this vulnerability.
No publicly available information on exploits or mitigations exists at this time.
Recommendations:
Update Pandora FMS to a patched version.
Monitor for suspicious activity on your server.
Please note: This information is for informational purposes only. Always consult with a security professional before making any changes to your system.
References:
Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
Image Source:
OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.help