VDB

CVE-2024-11320

CVE-2024-11320 PUBLISHED CVSS 6.900000095367432 MEDIUM

Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through <=777.4

EPSS 92.62% · 99.8th percentile

Risk Scores

CVSS v4.0
6.900000095367432
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N/S:P/AU:N/R:U/V:C/RE:M/U:Amber
EPSS Score
92.62%
99.8th percentile

Affected Products

VendorProductVersions
pandorafmspandora_fms700, 700, 700
Pandora FMSPandora FMS700, 700

Timeline

  • Jan 21, 1970 Nuclei Template
  • Jan 21, 1970 Fix Commit
  • Nov 21, 2024 CVE Published
  • Nov 21, 2024 PoC Published
  • Nov 21, 2024 CVE Updated
  • Nov 22, 2024 EPSS Score
  • Dec 1, 2024 PoC Published
  • Dec 2, 2024 PoC Published
  • Dec 2, 2024 PoC Published
  • Dec 2, 2024 PoC Published
  • Dec 2, 2024 PoC Published
  • Dec 10, 2024 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›