Vulnerability Details : CVE-2010-4279
Public exploit exists!
The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in conjunction with the md5 hash of "admin" in the loginhash_data parameter.
Vulnerability category: BypassGain privilege
Exploit prediction scoring system (EPSS) score for CVE-2010-4279
Probability of exploitation activity in the next 30 days: 96.36%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2010-4279
-
Pandora FMS v3.1 Auth Bypass and Arbitrary File Upload Vulnerability
Disclosure Date: 2010-11-30First seen: 2020-04-26exploit/multi/http/pandora_upload_execThis module exploits an authentication bypass vulnerability in Pandora FMS v3.1 as disclosed by Juan Galiana Lara. It also integrates with the built-in pandora upload which allows a user to upload arbitrary files to the '/images/' directory. This module was created
CVSS scores for CVE-2010-4279
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2010-4279
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-4279
-
http://packetstormsecurity.com/files/129830/Pandora-3.1-Auth-Bypass-Arbitrary-File-Upload.html
Pandora 3.1 Auth Bypass / Arbitrary File Upload ≈ Packet Storm
-
http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download
Download Pandora FMS: Flexible Monitoring System from SourceForge.netPatch
-
http://www.securityfocus.com/bid/45112
Pandora FMS Authentication Bypass And Multiple Input Validation VulnerabilitiesExploit;Patch
-
http://www.securityfocus.com/archive/1/514939/100/0/threaded
SecurityFocus
-
http://www.exploit-db.com/exploits/15639
Pandora FMS 3.1 - Authentication Bypass - PHP webapps ExploitExploit
-
http://seclists.org/fulldisclosure/2010/Nov/326
Full Disclosure: Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities
-
https://www.exploit-db.com/exploits/35731/
Pandora FMS 3.1 - Authentication Bypass / Arbitrary File Upload (Metasploit) - PHP remote Exploit
Products affected by CVE-2010-4279
- cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*
- cpe:2.3:a:artica:pandora_fms:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:artica:pandora_fms:3.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:artica:pandora_fms:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:artica:pandora_fms:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:artica:pandora_fms:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:artica:pandora_fms:1.3:beta1:*:*:*:*:*:*
- cpe:2.3:a:artica:pandora_fms:1.3:beta2:*:*:*:*:*:*
- cpe:2.3:a:artica:pandora_fms:3.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:artica:pandora_fms:3.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:artica:pandora_fms:2.0:beta:*:*:*:*:*:*
- cpe:2.3:a:artica:pandora_fms:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:artica:pandora_fms:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:artica:pandora_fms:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:artica:pandora_fms:1.3:beta:*:*:*:*:*:*
- cpe:2.3:a:artica:pandora_fms:1.3:beta3:*:*:*:*:*:*