What is CVE-2022-26310?

CVE-2022-26310 is a vulnerability in Pandora FMS v7.0NG.760 and below that allows improper authorization in User Management, potentially enabling any authenticated user to create, modify, or delete any user with full admin privilege.

What is the severity of CVE-2022-26310?

CVE-2022-26310 has a severity rating of 8.8 (high).

How does CVE-2022-26310 impact Pandora FMS?

CVE-2022-26310 could lead to a vertical privilege escalation, allowing an authenticated user to gain access to administrative privileges and perform unauthorized actions in the User Management module.

How can I fix CVE-2022-26310 in Pandora FMS?

To fix CVE-2022-26310 in Pandora FMS, it is recommended to upgrade to a version above v7.0NG.760 or apply the necessary patches provided by the vendor.

Where can I find more information about CVE-2022-26310?

You can find more information about CVE-2022-26310 on the Pandora FMS website (https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/) and the Incibe website (https://www.incibe.es/en/cve-assignment-publication/coordinated-cves).

Vulnerability/
CVE-2022-26310

high

8.8

CWE

285

13/5/2022

3/8/2024

CVE-2022-26310: Improper Authorization in User Management to Vertical Privilege Escalation

First published: Fri May 13 2022(Updated: )

Pandora FMS v7.0NG.760 and below allows an improper authorization in User Management where any authenticated user with access to the User Management module could create, modify or delete any user with full admin privilege. The impact could lead to a vertical privilege escalation to access the privileges of a higher-level user or typically an admin user.

Credit: security@pandorafms.com

Affected Software	Affected Version	How to fix
Artica Pandora FMS	<=7.0_ng_760

Remedy

Fixed in v761

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-26310?
CVE-2022-26310 is a vulnerability in Pandora FMS v7.0NG.760 and below that allows improper authorization in User Management, potentially enabling any authenticated user to create, modify, or delete any user with full admin privilege.
What is the severity of CVE-2022-26310?
CVE-2022-26310 has a severity rating of 8.8 (high).
How does CVE-2022-26310 impact Pandora FMS?
CVE-2022-26310 could lead to a vertical privilege escalation, allowing an authenticated user to gain access to administrative privileges and perform unauthorized actions in the User Management module.
How can I fix CVE-2022-26310 in Pandora FMS?
To fix CVE-2022-26310 in Pandora FMS, it is recommended to upgrade to a version above v7.0NG.760 or apply the necessary patches provided by the vendor.
Where can I find more information about CVE-2022-26310?
You can find more information about CVE-2022-26310 on the Pandora FMS website (https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/) and the Incibe website (https://www.incibe.es/en/cve-assignment-publication/coordinated-cves).

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/remedy
agent/weakness
agent/title
agent/author
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/pandorafms
canonical/artica pandora fms
version/artica pandora fms/7.0_ng_760

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.