Cyber Resilience

CVE-2024-12992

HighRCE

Published: 17 March 2025

Published
17 March 2025
Modified
16 September 2025
KEV Added
Patch
CVSS Score v4 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:M/U:Amber
EPSS Score 0.0056 68.8th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-12992 is a high-severity Command Injection (CWE-77) vulnerability in Artica Pandora Fms. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 31.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-12992 is an Improper Neutralization of Special Elements used in a Command vulnerability (CWE-77) in Pandora FMS, affecting versions from 700 to 777.6. This flaw enables OS Command Injection, leading to remote code execution (RCE). The vulnerability received a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its high impact across confidentiality, integrity, and availability.

An unauthenticated attacker with network access can exploit this vulnerability with low attack complexity and no user interaction required. Successful exploitation allows the attacker to execute arbitrary operating system commands on the affected Pandora FMS server, potentially achieving full remote control over the system.

Mitigation details and additional information are available in the Pandora FMS security advisory at https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/.

EU & UK References

Vulnerability details

Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE. This issue affects Pandora FMS from 700 to 777.6 .

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

The CVE describes unauthenticated remote OS command injection leading to RCE on a public-facing Pandora FMS server, directly enabling T1190 (Exploit Public-Facing Application) for initial access and T1059.004 (Unix Shell) for arbitrary command execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-12971Same product: Artica Pandora Fms
CVE-2026-30809Same product: Artica Pandora Fms
CVE-2026-30807Same product: Artica Pandora Fms
CVE-2026-30813Same product: Artica Pandora Fms
CVE-2026-34186Same product: Artica Pandora Fms
CVE-2026-30805Same product: Artica Pandora Fms
CVE-2026-30810Same product: Artica Pandora Fms
CVE-2026-34188Same product: Artica Pandora Fms
CVE-2026-30806Same product: Artica Pandora Fms
CVE-2026-30804Same product: Artica Pandora Fms

Affected Assets

artica
pandora fms
700 — 777.8

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses improper neutralization of special elements by requiring input validation mechanisms at entry points to prevent OS command injection.

prevent

Requires identification, reporting, testing, and correction of flaws like this command injection vulnerability through timely patching.

prevent

Restricts and filters information inputs to block special elements used in command injection attacks.

References