CVE-2024-11320
Published: 21 November 2024
Summary
CVE-2024-11320 is a medium-severity Command Injection (CWE-77) vulnerability in Pandora FMS. Its CVSS base score is 6.9 (Medium).
Operationally, it ranks in the top 0.2% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-11320 is a command injection vulnerability, tracked as CWE-77, in the LDAP authentication mechanism of Pandora FMS. It affects versions 700 through 777.4 and permits arbitrary command execution on the server.
An attacker with high privileges can exploit the flaw over the network to achieve a high integrity impact on the target system; the CVSS vector also indicates that user interaction is required.
The vendor advisory at https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ addresses the issue. The associated EPSS score stands at 0.9262 with a recorded peak of 0.9307.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-33774
Vulnerability details
Arbitrary command execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS versions from 700 through 777.4 inclusive.
- CWE(s): CWE-77 (Command Injection)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.