Attacker Value
Low
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
None
Privileges Required
High
Attack Vector
Network
0

CVE-2020-8500

Disclosure Date: March 02, 2020
CVE-2020-8500 CVSS v3 Base Score: 7.2
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality

Add Assessment

3
Ratings
  • Attacker Value
    Low
  • Exploitability
    Very High
Difficult to patchEasy to weaponizeVulnerable in default configurationRequires physical accessRequires user interaction
Technical Analysis

Due to the fact that files that are uploaded are able to be browsed to, this exploit means that an authenticated administrator could upload a reverse shell payload and get the connection back easily.

Many vendors will dismiss this type of vulnerability as not easily exploitable or within the bounds of what the program allows. I believe that it should never be possible for a web application to allow code execution to the underlying host unless that is core functionality of the software.

This same type of vulnerability seems to be present in a large number of monitoring software packages until they get egg on their face and patch it.

The Pandora FMS website lists a good target base that would allow you to start trying to compromise admin creds and get the file upload to hopefully get a foothold.

I would place this as valuable to attackers, but more difficult to exploit due to the fact that you have to be an authenticated admin user.

Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
7.2 High
Impact Score:
5.9
Exploitability Score:
1.2
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
High
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • artica

Products

  • pandora fms 7.42

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis