CVE-2024-35304
CRITICALPandora FMS 700-776 - OS Command Injection via Netflow Function
Title source: llmDescription
System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. This issue affects Pandora FMS: from 700 through <777.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/
Scores
CVSS v3
9.8
EPSS
0.0109
EPSS Percentile
61.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (1)
artica/pandora_fms
700 - 777
Published
Jun 10, 2024
Tracked Since
Feb 18, 2026