CVE-2024-11320

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 21, 2024
Updated: Nov 26, 2024
CWE ID 77

Summary

CVE-2024-11320 is a newly disclosed command injection vulnerability that allows an attacker to execute arbitrary commands on a Pandora FMS server. The flaw is located in the LDAP authentication mechanism and affects versions 700 through 777.4. By exploiting it, a malicious actor can gain unrestricted access to the server and potentially take control of it. Pandora FMS users are strongly advised to update their systems to the latest available version to mitigate this risk.
