Pandora FMS 7.xx Stored XSS vulnerabilities (CVE-2019-19968)
#pandorafms #hacking #xss #cve
Last Modified: 2021.06.08.
The vendor accepted these as valid findings and fixed them in Pandora FMS 743.
In December I found a "Remote Code Execution vulnerability" in Pandora FMS 7.xx (CVE-2019-19681). According to the vendor, it is not a vulnerability, but NVD/MITRE accepted it as a vulnerability. This CVE is in the DISPUTED state.
Since my purpose is to be helpful, I tried to find vulnerabilities that are "useful" for them. So I changed my focus and this time my goal was to elevate my privileges from a low-level user to an admin user.
Stored XSS vulnerabilities
I was sure there were other cases, but it was enough to demonstrate the problem. This was around Christmas and I got immediate positive feedback from the vendor. They accepted them as valid findings and they already fixed them in the v743 release.
Note: I used an older software version for demonstration, because I used the vendor-provided VMware image.
1. Reporting Builder
Reporting -> Custom Reports -> Create report
Old Environment 7.xx



New Environment 7.42

HTML View

2. Graph Builder
Reporting -> Custom Graphs -> Create Graph
Old environment 7.xx



New Environment 7.42


3. Agent Management
Old environment 7.xx
Resources -> Manage Agents -> Create



Additional Content
I made a short demo video on how a real-world attacker could leverage the XSS vulnerability chained with CVE-2019-19681 to compromise a system with Pandora FMS.
© 2019-2022 Kamilló Matek (<ᚫᛗIᛚᛚᛟ) All Rights Reserved