CVE-2019-13035 — HIGH (7.8)

Q: How severe is CVE-2019-13035?

CVE-2019-13035 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-13035?

Check the references section above for vendor advisories and patch information. Affected products include: Pandorafms Pandora Fms.

Vulnerability Description

Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the current directory) as NT AUTHORITY\SYSTEM upon web requests to the portal. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM.

CVSS Score

7.8

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Pandorafms	Pandora Fms	< 7.0_ng_735

References

FAQ

What is CVE-2019-13035?

CVE-2019-13035 is a vulnerability with a CVSS score of 7.8 (HIGH). Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, th...

How severe is CVE-2019-13035?

CVE-2019-13035 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-13035?

Check the references section above for vendor advisories and patch information. Affected products include: Pandorafms Pandora Fms.