What is CVE-2024-11320?

CVE-2024-11320 is a vulnerability in Pandora Fms, classified under Command Injection. Published 2024-11-21.

Is CVE-2024-11320 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Pandora Fms

CVE-2024-11320

Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through <=777.4

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.926 (99.8th percentile) — read the EPSS interpretation.

Affected products

Pandora Fms — versions 700

Weakness classification (CWE)

CWE-77 — Command Injection

Public proof-of-concept exploits

mhaskar/CVE-2024-11320
rapid7/metasploit-framework
ARPSyndicate/cve-scores
nomi-sec/PoC-in-GitHub

References

pandorafms.com/en/security/common-vulnerabilities-and-exposures/

Frequently asked questions

What is CVE-2024-11320?: CVE-2024-11320 is a vulnerability in Pandora Fms, classified under Command Injection. Published 2024-11-21.
Is CVE-2024-11320 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.