CVE-2023-4677

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 23, 2023

Updated: Nov 30, 2023

CWE ID 287

CWE ID 532

Summary

CVE-2023-4677 is a vulnerability affecting version 772 and below of Pandora FMS. The issue arises from administrator session IDs being present in cron log backup files. An attacker with access to the Pandora FMS console can easily locate these logs and extract the IDs. By using the session IDs, the attacker can gain administrative access to the application. It is crucial that users of Pandora FMS update to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Artica Pandora Fms

Affected Vendors

Artica

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/shMoAK
https://www.cve.org/CVERecord?id=CVE-2023-4677
https://nvd.nist.gov/vuln/detail/CVE-2023-4677

Back to Vulnerability Database