Armis Vulnerability Intelligence Database

Description Preview

Pandora FMS version 7.44 contains a critical vulnerability in its File Repository Manager feature that allows attackers to upload arbitrary files, which can lead to remote command execution on the affected system. This vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type).

Overview

Pandora FMS is an open-source monitoring software solution. In version 7.44, the File Repository Manager component fails to properly validate uploaded files, allowing malicious users to upload arbitrary files including those containing executable code. An attacker can exploit this vulnerability to gain remote code execution privileges on the underlying server. This vulnerability is particularly dangerous as it could lead to complete system compromise. The issue affects the community edition of Pandora FMS 7.44.

Remediation

To mitigate this vulnerability, system administrators should:

Update Pandora FMS to the latest version that contains fixes for this vulnerability
If immediate updating is not possible, consider temporarily disabling the File Repository Manager functionality
Implement additional security controls such as:
- Web application firewalls to filter malicious upload attempts
- File type validation at the server level
- Strict permission controls on upload directories
Monitor system logs for suspicious file upload activities
Conduct a security review to identify any potential compromises if the system was exposed

References

Core Security Advisory: https://www.coresecurity.com/core-labs/advisories/pandora-fms-community-multiple-vulnerabilities
CWE-434 (Unrestricted Upload of File with Dangerous Type): https://cwe.mitre.org/data/definitions/434.html
MITRE CVE-2020-13855: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13855
Core Security Advisories Portal: https://www.coresecurity.com/advisories

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

Accommodation & Food Services
Accommodation & Food Services
Administrative, Support, Waste Management & Remediation Services
Administrative, Support, Waste Management & Remediation Services
Agriculture, Forestry Fishing & Hunting
Agriculture, Forestry Fishing & Hunting
Arts, Entertainment & Recreation
Arts, Entertainment & Recreation
Construction
Construction
Educational Services
Educational Services
Finance and Insurance
Finance and Insurance
Health Care & Social Assistance
Health Care & Social Assistance
Information
Information
Management of Companies & Enterprises
Management of Companies & Enterprises
Manufacturing
Manufacturing
Mining
Mining
Other Services (except Public Administration)
Other Services (except Public Administration)
Professional, Scientific, & Technical Services
Professional, Scientific, & Technical Services
Public Administration
Public Administration
Real Estate Rental & Leasing
Real Estate Rental & Leasing
Retail Trade
Retail Trade
Transportation & Warehousing
Transportation & Warehousing
Utilities
Utilities
Wholesale Trade
Wholesale Trade

^{CVE-2020-13855:}Arbitrary File Upload in Pandora FMS 7.44 File Repository Manager

Description Preview

Overview

Remediation

References

Focus on What Matters

Let's talk!