Pandora FMS 7.xx Stored XSS vulnerabilities (CVE-2019-19968)
If you find it valuable, you can support me by making a donation. Donate now.
The vendor accepted it as a valid finding and they fixed them in Pandora FMS 743.
In December I found a "Remote Code Execution vulnerability" in Pandora FMS 7.xx (CVE-2019–19681). According to the Vendor, it is not a vulnerability, but NVD/MITRE accepted it as a vulnerability. This CVE is in the DISPUTED state.
Since my purpose is helpful, I tried to find vulnerabilities that are "useful" for them. So I changed my focus and this time my goal was to elevate my privileges from a low-level user to an admin user.
Stored XSS vulnerabilities
I was sure there are other cases, but it was enough to demonstrate the problem. This was around Christmas and I got immediate positive feedback from the vendor. They accepted them as valid findings and they already fixed it in the v743 release.
Note: I used an older software version for demonstration, because I used the vendor provided VMWare Image.
1. Reporting Builder
Reporting -> Custom Reports -> Create report
Old Enviornment 7.xx
New Enviornment 7.42
HTML View
2. Graph Builder
Reporting -> Custom Graphs -> Create Graph
Old enviornment 7.xx
New Enviornment 7.42
3. Agent Management
Old enviornment 7.xx
Resources -> Mange Agents -> Create
Additional Content
I made a short demo video on how a real-world attacker could leverage the XSS vulnerability chained with the CVE-2019-19681 CVE to compromise a system with PandoraFMS.
© 2019-2024 Kamilló Matek (k4m1ll0) All Rights Reserved