CVE-2024-12992

CriticalRCE

Published: 17 March 2025

Published

17 March 2025

Modified

16 September 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0056 68.4th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-12992 is a critical-severity Command Injection (CWE-77) vulnerability in Artica Pandora Fms. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 31.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly addresses improper neutralization of special elements by requiring input validation mechanisms at entry points to prevent OS command injection.

SI-2 Flaw Remediation good match

prevent

Requires identification, reporting, testing, and correction of flaws like this command injection vulnerability through timely patching.

SI-9 Information Input Restrictions good match

prevent

Restricts and filters information inputs to block special elements used in command injection attacks.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059.004 Unix Shell Execution

Adversaries may abuse Unix shell commands and scripts for execution.

attack.mitre.org →

Why these techniques?

The CVE describes unauthenticated remote OS command injection leading to RCE on a public-facing Pandora FMS server, directly enabling T1190 (Exploit Public-Facing Application) for initial access and T1059.004 (Unix Shell) for arbitrary command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE. This issue affects Pandora FMS from 700 to 777.6 .

Deeper analysisAI

CVE-2024-12992 is an Improper Neutralization of Special Elements used in a Command vulnerability (CWE-77) in Pandora FMS, affecting versions from 700 to 777.6. This flaw enables OS Command Injection, leading to remote code execution (RCE). The vulnerability received a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its high impact across confidentiality, integrity, and availability.

An unauthenticated attacker with network access can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation allows the attacker to execute arbitrary operating system commands on the affected Pandora FMS server, potentially achieving full remote control over the system.

Mitigation details and additional information are available in the Pandora FMS security advisory at https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/.