CVSS 3.1 Score 7.0 of 10 (high)


Published Nov 23, 2023
Updated: Nov 30, 2023
CWE ID 287
CWE ID 532


CVE-2023-4677 is a vulnerability affecting Pandora FMS version 772 and earlier. An attacker who can access the Pandora FMS Console can scrape the cron logs directory for cron log backups. These log files contain administrator session IDs, which the attacker can then use to authenticate as an administrator in the application. The vulnerability has a base severity of HIGH and a CVSS score of 7.0. To remediate it, update Pandora FMS to a version that is not affected by the issue.

