Vulnerability Description
Pandora FMS 7.x suffers from remote code execution vulnerability. With an authenticated user who can modify the alert system, it is possible to define and execute commands as root/Administrator. NOTE: The product vendor states that the vulnerability as it is described is not in fact an actual vulnerability. They state that to be able to create alert commands, you need to have admin rights. They also state that the extended ACL system can disable access to specific sections of the configuration, such as defining new alert commands
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Artica | Pandora Fms | 7.0 |
Related Weaknesses (CWE)
References
- https://k4m1ll0.com/cve-2019-19681.html
- https://medium.com/%40k4m1ll0/remote-code-execution-vulnerability-in-pandorafms-
- https://pandorafms.com/blog/pandora-fms-vulnerability/
- https://k4m1ll0.com/cve-2019-19681.html
- https://medium.com/%40k4m1ll0/remote-code-execution-vulnerability-in-pandorafms-
- https://pandorafms.com/blog/pandora-fms-vulnerability/
FAQ
What is CVE-2019-19681?
CVE-2019-19681 is a vulnerability with a CVSS score of 8.8 (HIGH). Pandora FMS 7.x suffers from remote code execution vulnerability. With an authenticated user who can modify the alert system, it is possible to define and execute commands as root/Administrator. NOTE:...
How severe is CVE-2019-19681?
CVE-2019-19681 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-19681?
Check the references section above for vendor advisories and patch information. Affected products include: Artica Pandora Fms.