Vulnerability Details : CVE-2023-4677
Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This issue affects Pandora FMS <= 772.
Vulnerability category: BypassGain privilege
Products affected by CVE-2023-4677
- cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-4677
0.17%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 54 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-4677
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | |
7.0
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L |
2.2
|
4.7
|
Artica PFMS |
CWE ids for CVE-2023-4677
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: security@pandorafms.com (Secondary)
-
The product writes sensitive information to a log file.Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-4677
-
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/
Pandora FMS Common Vulnerabilities and ExposuresVendor Advisory
Jump to