CVE-2019-20224 Scanner
Detects the OS command injection vulnerability in Pandora FMS 7.0NG, which affects versions before Pandora FMS 7.0 NG 742.
Short Info
Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 3 days
Scan only one: Domain, IPv4
Toolbox: -
Pandora FMS 7.0NG is an open source monitoring software designed for network monitoring, server monitoring, and infrastructure management. It is used by IT teams to keep track of the performance and availability of various network devices, servers, applications, databases, and other IT assets. The software is equipped with a range of features such as data visualization, alerting, reporting, and automation, which enable IT teams to proactively manage their IT infrastructure.
The CVE-2019-20224 vulnerability detected in Pandora FMS 7.0NG is a critical security flaw that can be exploited by remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request. This flaw can be dangerous as it provides unauthorized access to the system, which can lead to a range of security threats such as data theft, system hijacking, and malware infections.
When exploited, this vulnerability can lead to serious consequences as attackers can gain unauthorized access to the system and execute arbitrary OS commands. This can result in data compromise, system penetration, and other security breaches. Attackers can also use this vulnerability to inject malware into the system, steal sensitive information, or take control of the system.
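The request pattern described above can be checked for on the defensive side. The following is an added example, not code from Pandora FMS or from the scanner: it flags requests to the nf_live_view operation whose ip_src value contains shell metacharacters, in the query string or a form-encoded body, and decodes once more to catch double URL-encoding. The metacharacter set, the function names and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "operation/netflow/nf_live_view"  # operation named in the CVE description
PARAM = "ip_src"                             # parameter named in the CVE description
# Assumption: characters a POSIX shell treats specially; none occur in an IP or CIDR.
SHELL_META = set(";|&`$(){}<>\\\n\r'\"!*?")


def ip_src_values(url, body=""):
    """Collect every ip_src value from the query string and a form-encoded body."""
    values = []
    for raw in (urlsplit(url).query, body):
        values += parse_qs(raw, keep_blank_values=True).get(PARAM, [])
    return values


def inspect_request(url, body=""):
    """Return the sorted shell metacharacters found in ip_src ([] if none or other endpoint)."""
    if ENDPOINT not in unquote(urlsplit(url).query):
        return []
    found = set()
    for value in ip_src_values(url, body):
        for candidate in (value, unquote(value)):  # second pass catches double encoding
            found |= SHELL_META & set(candidate)
    return sorted(found)


def flag_requests(requests):
    """Return (index, metacharacters) for every suspicious request in the batch."""
    hits = []
    for i, (url, body) in enumerate(requests):
        meta = inspect_request(url, body)
        if meta:
            hits.append((i, meta))
    return hits


# Constructed sample requests (url, form body); not captured traffic.
SAMPLES = [
    ("/index.php?operation/netflow/nf_live_view", "action=update&ip_src=10.0.0.5"),
    ("/index.php?operation/netflow/nf_live_view", "ip_src=10.0.0.5%3Bid"),
    ("/index.php?operation/netflow/nf_live_view&ip_src=10.0.0.5%257Cid", ""),
    ("/index.php?operation/reports&ip_src=a%3Bb", ""),
]

if __name__ == "__main__":
    for index, meta in flag_requests(SAMPLES):
        print(f"request {index}: ip_src contains {meta}")
```

A hit on a patched installation still indicates probing and is worth correlating with the authenticated session that sent it, since the flaw requires a logged-in user.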
REFERENCES
- http://packetstormsecurity.com/files/155897/Pandora-7.0NG-Remote-Code-Execution.html
- https://drive.google.com/file/d/1DkWR5MylzeNr20jmHXTaAIJmf3YN-lnO/view?usp=sharing
- https://gist.github.com/mhaskar/2153d66a0928492d76b799ba13b9e3f9
- https://pandorafms.com/downloads/solved-pandorafms-742.mp4
- https://shells.systems/pandorafms-v7-0ng-authenticated-remote-code-execution-cve-2019-20224/