Low
CVE-2020-8500
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2020-8500
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality
Add Assessment
Ratings
-
Attacker ValueLow
-
ExploitabilityVery High
Technical Analysis
Due to the fact that files that are uploaded are able to be browsed to, this exploit means that an authenticated administrator could upload a reverse shell payload and get the connection back easily.
Many vendors will dismiss this type of vulnerability as not easily exploitable or within the bounds of what the program allows. I believe that it should never be possible for a web application to allow code execution to the underlying host unless that is core functionality of the software.
This same type of vulnerability seems to be present in a large number of monitoring software packages until they get egg on their face and patch it.
The Pandora FMS website lists a good target base that would allow you to start trying to compromise admin creds and get the file upload to hopefully get a foothold.
I would place this as valuable to attackers, but more difficult to exploit due to the fact that you have to be an authenticated admin user.
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild ReportCVSS V3 Severity and Metrics
General Information
Vendors
- artica
Products
- pandora fms 7.42
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below: