CVE-2022-1648 - Vulnerability Details - OpenCVE

Description

Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to a Remote Code Execution with running application privilege.

Published: 2022-07-26

Score: 5.7 Medium

EPSS: 2.8% Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Artica PFMS

Pandora FMS

affected

Version	Status	Constraints
`v760`	affected	≤ v760

Configuration 1 [-]

cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

Vendor Solution

Fixed in v761

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2022-24935	Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to a Remote Code Execution with running application privilege.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.02785.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/
https://www.incibe.es/en/cve-assignment-publication/coordinated-cves

History

No history.

Subscriptions

Pandorafms Pandora Fms

MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2022-07-26T14:24:32.531Z

Updated: 2024-09-16T19:47:11.391Z

Reserved: 2022-05-10T00:00:00.000Z

Link: CVE-2022-1648

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-07-26T15:15:10.513

Modified: 2024-11-21T06:41:10.350

Link: CVE-2022-1648

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

{"containers": {"cna": {"affected": [{"platforms": ["all"], "product": "Pandora FMS", "vendor": "Artica PFMS", "versions": [{"lessThanOrEqual": "v760", "status": "affected", "version": "v760", "versionType": "custom"}]}], "datePublic": "2022-05-13T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to a Remote Code Execution with running application privilege."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-23", "description": "CWE-23 Relative Path Traversal", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-26T14:24:32.000Z", "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.incibe.es/en/cve-assignment-publication/coordinated-cves"}], "solutions": [{"lang": "en", "value": "Fixed in v761"}], "source": {"defect": ["Ticket", "#4850"], "discovery": "EXTERNAL"}, "title": "Relative Path Traversal to Remote Code Execution in File Manager", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-coordination@incibe.es", "DATE_PUBLIC": "2022-05-13T08:00:00.000Z", "ID": "CVE-2022-1648", "STATE": "PUBLIC", "TITLE": "Relative Path Traversal to Remote Code Execution in File Manager"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Pandora FMS", "version": {"version_data": [{"platform": "all", "version_affected": "<=", "version_name": "v760", "version_value": "v760"}]}}]}, "vendor_name": "Artica PFMS"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to a Remote Code Execution with running application privilege."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-23 Relative Path Traversal"}]}]}, "references": {"reference_data": [{"name": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", "refsource": "CONFIRM", "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"}, {"name": "https://www.incibe.es/en/cve-assignment-publication/coordinated-cves", "refsource": "CONFIRM", "url": "https://www.incibe.es/en/cve-assignment-publication/coordinated-cves"}]}, "solution": [{"lang": "en", "value": "Fixed in v761"}], "source": {"defect": ["Ticket", "#4850"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:10:03.702Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.incibe.es/en/cve-assignment-publication/coordinated-cves"}]}]}, "cveMetadata": {"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "assignerShortName": "INCIBE", "cveId": "CVE-2022-1648", "datePublished": "2022-07-26T14:24:32.531Z", "dateReserved": "2022-05-10T00:00:00.000Z", "dateUpdated": "2024-09-16T19:47:11.391Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9ACE0CF-C204-470A-B706-969837339CDC", "versionEndIncluding": "7.0_ng_760", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to a Remote Code Execution with running application privilege."}, {"lang": "es", "value": "Pandora FMS versi\u00f3n v7.0NG.760 y anteriores, permite un salto de ruta relativo en el Administrador de Archivos en el que un usuario con privilegios podr\u00eda cargar un archivo .php fuera del directorio de im\u00e1genes previsto que est\u00e1 restringido para ejecutar el archivo .php. El impacto podr\u00eda conllevar a una Ejecuci\u00f3n de C\u00f3digo Remota con privilegio de aplicaci\u00f3n en ejecuci\u00f3n."}], "id": "CVE-2022-1648", "lastModified": "2024-11-21T06:41:10.350", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 0.2, "impactScore": 5.5, "source": "cve-coordination@incibe.es", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-07-26T15:15:10.513", "references": [{"source": "cve-coordination@incibe.es", "tags": ["Vendor Advisory"], "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"}, {"source": "cve-coordination@incibe.es", "tags": ["Third Party Advisory"], "url": "https://www.incibe.es/en/cve-assignment-publication/coordinated-cves"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.incibe.es/en/cve-assignment-publication/coordinated-cves"}], "sourceIdentifier": "cve-coordination@incibe.es", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-23"}], "source": "cve-coordination@incibe.es", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}