CVE-2023-4677: Unauthenticated Admin Account Takeover Via Cron Log File Backups
First published: Thu Nov 23 2023(Updated: )
Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This issue affects Pandora FMS <= 772.
Credit: security@pandorafms.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Artica Pandora FMS | >=700<773 |
Remedy
Fixed in v773 and v772.1
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-4677?
CVE-2023-4677 is a vulnerability that allows an unauthenticated attacker to take over an admin account in Pandora FMS through cron log file backups.
What is the severity of CVE-2023-4677?
CVE-2023-4677 has a severity rating of 9.8, which is considered critical.
How does CVE-2023-4677 work?
CVE-2023-4677 allows an attacker who can reach the Pandora FMS Console to scrape the cron log backups, extract administrator session IDs, and use them to authenticate as an admin.
What software is affected by CVE-2023-4677?
The Artica Pandora FMS software version 700 to 773 is affected by CVE-2023-4677.
Is there a fix for CVE-2023-4677?
Yes, upgrading the Pandora FMS software to a version higher than 773 will fix the vulnerability.
- collector/nvd-api
- agent/references
- agent/weakness
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/remedy
- agent/severity
- agent/tags
- agent/event
- agent/author
- agent/title
- agent/type
- collector/mitre-cve
- source/MITRE
- vendor/artica
- canonical/artica pandora fms
- version/artica pandora fms/700