Cyber Resilience

CVE-2024-12971

HighRCE

Published: 17 March 2025

Published
17 March 2025
Modified
16 September 2025
KEV Added
Patch
CVSS Score v4 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:L/U:Green
EPSS Score 0.8315 99.3th percentile
Risk Priority 67 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-12971 is a high-severity Command Injection (CWE-77) vulnerability in Artica Pandora Fms. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 0.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-12971 is an OS command injection vulnerability stemming from improper neutralization of special elements used in commands, classified under CWE-77. It affects Pandora FMS versions 700 through 777.6 and carries a CVSS 4.0 score of 8.6 reflecting network attack vector, low attack complexity, and high privileges required.

An authenticated attacker with high privileges can send specially crafted input over the network to inject and execute arbitrary operating system commands. Successful exploitation can result in high impact to confidentiality and integrity along with limited impact to availability within the affected monitoring platform.

The single reference URL points to the vendor's page on common vulnerabilities and exposures, which is the authoritative source for any official mitigation steps or patch availability for Pandora FMS deployments.

The EPSS score stands at 0.8315, indicating substantial exploitation likelihood for this remotely exploitable flaw in a widely deployed monitoring product.

EU & UK References

Vulnerability details

Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection.This issue affects Pandora FMS from 700 to 777.6

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

OS command injection in a network-accessible application directly enables exploitation of public-facing apps (T1190) and arbitrary command execution via Unix shell (T1059.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-12992Same product: Artica Pandora Fms
CVE-2026-30809Same product: Artica Pandora Fms
CVE-2026-30807Same product: Artica Pandora Fms
CVE-2026-30813Same product: Artica Pandora Fms
CVE-2026-34186Same product: Artica Pandora Fms
CVE-2026-30805Same product: Artica Pandora Fms
CVE-2026-30810Same product: Artica Pandora Fms
CVE-2026-34188Same product: Artica Pandora Fms
CVE-2026-30806Same product: Artica Pandora Fms
CVE-2026-30804Same product: Artica Pandora Fms

Affected Assets

artica
pandora fms
700 — 777.8

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates OS command injection by requiring information input validation mechanisms to neutralize special elements at input points.

prevent

Requires identification, reporting, and correction of the specific flaw in Pandora FMS enabling improper neutralization of command elements.

prevent

Limits the impact of successful OS command injection by enforcing least privilege on low-privileged user accounts.

References