Cyber Posture

CVE-2024-12971

HighRCE

Published: 17 March 2025

Published
17 March 2025
Modified
16 September 2025
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.8315 99.3th percentile
Risk Priority 67 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-12971 is a high-severity Command Injection (CWE-77) vulnerability in Artica Pandora Fms. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 0.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly mitigates OS command injection by requiring information input validation mechanisms to neutralize special elements at input points.

SI-2 Flaw Remediation good match
prevent

Requires identification, reporting, and correction of the specific flaw in Pandora FMS enabling improper neutralization of command elements.

AC-6 Least Privilege partial match
prevent

Limits the impact of successful OS command injection by enforcing least privilege on low-privileged user accounts.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
attack.mitre.org →
Why these techniques?

OS command injection in a network-accessible application directly enables exploitation of public-facing apps (T1190) and arbitrary command execution via Unix shell (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection.This issue affects Pandora FMS from 700 to 777.6

Deeper analysisAI

CVE-2024-12971 is an Improper Neutralization of Special Elements used in a Command vulnerability (CWE-77) that enables OS Command Injection. It affects Pandora FMS versions from 700 to 777.6.

The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Low-privileged authenticated users can exploit it over the network with low attack complexity and no user interaction, potentially achieving high impacts on confidentiality, integrity, and availability through arbitrary OS command execution.

Mitigation details are available in the vendor advisory at https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/.

Details

CWE(s)
CWE-77

Affected Products

artica
pandora fms
700 — 777.8

CVEs Like This One

CVE-2024-12992Same product: Artica Pandora Fms
CVE-2026-30809Same product: Artica Pandora Fms
CVE-2026-30813Same product: Artica Pandora Fms
CVE-2026-34186Same product: Artica Pandora Fms
CVE-2026-30804Same product: Artica Pandora Fms
CVE-2026-30806Same product: Artica Pandora Fms
CVE-2026-34188Same product: Artica Pandora Fms
CVE-2025-29228Shared CWE-77
CVE-2025-52690Shared CWE-77
CVE-2025-14756Shared CWE-77

References