PT-2024-26425 · Unknown · Pandora Fms
U32I@Proton.Me
·
Published
2024-06-10
·
Updated
2024-06-10
·
CVE-2024-35307
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Pandora FMS versions 700 through 776
Description
The issue allows unauthenticated attackers to execute arbitrary code on the server through Argument Injection Leading to Remote Code Execution in the Realtime Graph Extension.
Recommendations
For Pandora FMS versions 700 through 776, update to a version that is not affected by this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Argument Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pandora Fms