CVE-2023-44092 - Vulnerability Details - OpenCVE

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Pandora FMS on all allows OS Command Injection. This vulnerability allowed to create a reverse shell and execute commands in the OS. This issue affects Pandora FMS: from 700 through <776.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00128.

Key SSVC decision points have not yet been added.

Vendors	Products
Artica	Pandora Fms
Pandora Fms	Pandora Fms

Configuration 1 [-]

cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Pandora Fms	Pandora Fms

Advisories

Source	ID	Title
EUVD	EUVD-2023-48451	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Pandora FMS on all allows OS Command Injection. This vulnerability allowed to create a reverse shell and execute commands in the OS. This issue affects Pandora FMS: from 700 through <776.

Fixes

Solution

Fixed in v776.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/

History

Tue, 16 Sep 2025 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Artica Artica pandora Fms
CPEs		cpe:2.3:a:artica:pandora_fms::::::::
Vendors & Products		Artica Artica pandora Fms

MITRE

Status: PUBLISHED

Assigner: PandoraFMS

Published: 2024-03-19T16:32:54.633Z

Updated: 2024-08-02T19:59:50.235Z

Reserved: 2023-09-25T08:33:09.669Z

Link: CVE-2023-44092

Vulnrichment

Updated: 2024-08-02T19:59:50.235Z

NVD

Status : Analyzed

Published: 2024-03-19T17:15:08.980

Modified: 2025-09-16T15:51:17.473

Link: CVE-2023-44092

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-21T15:16:48Z

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-44092", "assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c", "state": "PUBLISHED", "assignerShortName": "PandoraFMS", "dateReserved": "2023-09-25T08:33:09.669Z", "datePublished": "2024-03-19T16:32:54.633Z", "dateUpdated": "2024-08-02T19:59:50.235Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["all"], "product": "Pandora FMS", "vendor": "Pandora FMS", "versions": [{"lessThanOrEqual": "<776", "status": "affected", "version": "700", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Aleksey Solovev (Positive Technologies)"}], "datePublic": "2024-03-19T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Pandora FMS on all allows OS Command Injection. This vulnerability allowed to create a reverse shell and execute commands in the OS. <span style=\"background-color: var(--darkreader-bg--wht);\">This issue affects Pandora FMS: from 700 through <776.</span>"}], "value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Pandora FMS on all allows OS Command Injection.\u00a0This vulnerability allowed to create a reverse shell and execute commands in the OS.\u00a0This issue affects Pandora FMS: from 700 through <776."}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c", "shortName": "PandoraFMS", "dateUpdated": "2024-03-19T16:32:54.633Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Fixed in v776."}], "value": "Fixed in v776."}], "source": {"discovery": "EXTERNAL"}, "title": "OS Command Injection", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "artica", "product": "pandora_fms", "cpes": ["cpe:2.3:a:artica:pandora_fms:700:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "700", "status": "affected", "lessThan": "776", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-20T14:31:18.246071Z", "id": "CVE-2023-44092", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-02T14:44:44.312Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:59:50.235Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:59:50.235Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-44092", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-20T14:31:18.246071Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:artica:pandora_fms:700:*:*:*:*:*:*:*"], "vendor": "artica", "product": "pandora_fms", "versions": [{"status": "affected", "version": "700", "lessThan": "776", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-02T14:44:35.505Z"}}], "cna": {"title": "OS Command Injection", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Aleksey Solovev (Positive Technologies)"}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Pandora FMS", "product": "Pandora FMS", "versions": [{"status": "affected", "version": "700", "versionType": "custom", "lessThanOrEqual": "<776"}], "platforms": ["all"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Fixed in v776.", "supportingMedia": [{"type": "text/html", "value": "Fixed in v776.", "base64": false}]}], "datePublic": "2024-03-19T17:00:00.000Z", "references": [{"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Pandora FMS on all allows OS Command Injection.\u00a0This vulnerability allowed to create a reverse shell and execute commands in the OS.\u00a0This issue affects Pandora FMS: from 700 through <776.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Pandora FMS on all allows OS Command Injection. This vulnerability allowed to create a reverse shell and execute commands in the OS. <span style=\"background-color: var(--darkreader-bg--wht);\">This issue affects Pandora FMS: from 700 through <776.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c", "shortName": "PandoraFMS", "dateUpdated": "2024-03-19T16:32:54.633Z"}}}, "cveMetadata": {"cveId": "CVE-2023-44092", "state": "PUBLISHED", "dateUpdated": "2024-08-02T19:59:50.235Z", "dateReserved": "2023-09-25T08:33:09.669Z", "assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c", "datePublished": "2024-03-19T16:32:54.633Z", "assignerShortName": "PandoraFMS"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*", "matchCriteriaId": "43E82BDE-56AE-494A-8C82-C7E4157390AF", "versionEndExcluding": "776", "versionStartIncluding": "700", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Pandora FMS on all allows OS Command Injection.\u00a0This vulnerability allowed to create a reverse shell and execute commands in the OS.\u00a0This issue affects Pandora FMS: from 700 through <776."}, {"lang": "es", "value": "La neutralizaci\u00f3n inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('inyecci\u00f3n de comando del sistema operativo') en Pandora FMS en todos permite la inyecci\u00f3n de comando del sistema operativo. Esta vulnerabilidad permiti\u00f3 crear un shell inverso y ejecutar comandos en el sistema operativo. Este problema afecta a Pandora FMS: desde 700 hasta <776."}], "id": "CVE-2023-44092", "lastModified": "2025-09-16T15:51:17.473", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 6.0, "source": "security@pandorafms.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-19T17:15:08.980", "references": [{"source": "security@pandorafms.com", "tags": ["Vendor Advisory"], "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"}], "sourceIdentifier": "security@pandorafms.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "security@pandorafms.com", "type": "Secondary"}]}