CVE-2023-41788

CVSS v3 7.6 HIGH

7.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.0 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

U

nrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allows attackers to execute code via PHP file uploads. This issue affects Pandora FMS: from 700 through 773.

References

Link	Resource
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/	Vendor Advisory
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:21

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~8.8~~	v2 : unknown v3 : 7.6
References	~~() https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ - Vendor Advisory~~	() https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ - Vendor Advisory

Information

Published : 2023-11-23 15:15

Updated : 2024-11-21 08:21

NVD link : CVE-2023-41788

Mitre link : CVE-2023-41788

CVE.ORG link : CVE-2023-41788

JSON object : View

Products Affected

pandora_fms

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2023-41788", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.0}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-11-23T15:15:08.407", "references": [{"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-434"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allows attackers to execute code via PHP file uploads. This issue affects Pandora FMS: from 700 through 773."}, {"lang": "es", "value": "La carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Pandora FMS permite acceder a funcionalidades no correctamente restringidas por ACL. Esta vulnerabilidad permite a los atacantes ejecutar c\u00f3digo mediante la carga de archivos PHP. Este problema afecta a Pandora FMS: del 700 al 773."}], "lastModified": "2024-11-21T08:21:41.273", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BFBB222-690E-4B0B-B345-40BCB34BC8FE", "versionEndExcluding": "774", "versionStartIncluding": "700"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}