PT-2024-26424 · Unknown · Pandora Fms
U32I@Proton.Me
·
Published
2024-06-10
·
Updated
2024-06-10
·
CVE-2024-35304
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Pandora FMS versions 700 through 776
Description
The issue is related to system command injection through the Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands.
Recommendations
For Pandora FMS versions 700 through 776, update to a version that includes proper input validation for the Netflow function to prevent system command injection.
As a temporary workaround, consider restricting access to the Netflow function until a patch is available.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pandora Fms