CVE-2023-44092

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Pandora FMS on all allows OS Command Injection. This vulnerability allowed to create a reverse shell and execute commands in the OS. This issue affects Pandora FMS: from 700 through <776.

CVSS v3 7.6 HIGH

7.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.0 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/	Vendor Advisory
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-03-19 17:15

Updated : 2025-09-16 15:51

NVD link : CVE-2023-44092

Mitre link : CVE-2023-44092

CVE.ORG link : CVE-2023-44092

JSON object : View

Products Affected

artica

pandora_fms

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2023-44092", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.0}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.3}]}, "published": "2024-03-19T17:15:08.980", "references": [{"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Pandora FMS on all allows OS Command Injection.\u00a0This vulnerability allowed to create a reverse shell and execute commands in the OS.\u00a0This issue affects Pandora FMS: from 700 through <776."}, {"lang": "es", "value": "La neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('inyecci\u00f3n de comando del sistema operativo') en Pandora FMS en todos permite la inyecci\u00f3n de comando del sistema operativo. Esta vulnerabilidad permiti\u00f3 crear un shell inverso y ejecutar comandos en el sistema operativo. Este problema afecta a Pandora FMS: desde 700 hasta <776."}], "lastModified": "2025-09-16T15:51:17.473", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43E82BDE-56AE-494A-8C82-C7E4157390AF", "versionEndExcluding": "776", "versionStartIncluding": "700"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}