CVE-2024-9987

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)

Published: Oct 22, 2024 / Updated: 28d ago

010
CVSS 8.6EPSS 0.04%High
CVE info copied to clipboard

Summary

A post-authentication SQL Injection vulnerability exists within the filters parameter of the extensions/agents_modules_csv functionality in Pandora FMS versions 700 through 777.3. This vulnerability allows an attacker with high privileges to execute arbitrary SQL commands on the database.

Impact

This SQL Injection vulnerability could lead to unauthorized access to sensitive data, modification of database contents, and potential escalation of privileges. The impact on confidentiality and integrity is high, while the impact on availability is low. There's also a low impact on subsequent systems' confidentiality, integrity, and availability. Successful exploitation could allow an attacker to execute arbitrary SQL commands, potentially compromising the entire database and the information it contains. This could result in data theft, data manipulation, or even system compromise if the database has elevated privileges on the host system.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A specific patch is not explicitly mentioned in the provided information. However, the vulnerability affects Pandora FMS versions from 700 through 777.3. It's likely that upgrading to version 777.3 or later (if available) would resolve the issue. The security team should check for the latest available version of Pandora FMS and plan to upgrade affected systems.

Mitigation

1. Upgrade Pandora FMS to the latest version (at least version 777.3 or later if available). 2. Implement input validation and sanitization for the filters parameter in the extensions/agents_modules_csv functionality. 3. Use prepared statements or parameterized queries to prevent SQL injection. 4. Apply the principle of least privilege to limit the potential impact of successful exploitation. 5. Implement additional security measures such as Web Application Firewalls (WAF) to detect and block SQL injection attempts. 6. Regularly audit and monitor database activities for any suspicious queries or unauthorized access attempts.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:C/RE:M/U:Red

Timeline

CVE Assignment

NVD published the first details for CVE-2024-9987

Oct 22, 2024 at 9:15 AM
CVSS

A CVSS base score of 8.6 has been assigned.

Oct 22, 2024 at 9:36 AM / nvd
First Article

Feedly found the first article mentioning CVE-2024-9987. See article

Oct 22, 2024 at 9:39 AM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 22, 2024 at 9:39 AM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.7%)

Oct 23, 2024 at 10:38 AM
CVSS

A CVSS base score of 8.8 has been assigned.

Oct 25, 2024 at 7:10 PM / nvd
Static CVE Timeline Graph

Affected Systems

Pandorafms/pandora_fms
+null more

Patches

pandorafms.com
+null more

Attack Patterns

CAPEC-108: Command Line Execution through SQL Injection
+null more

News

NA - CVE-2024-9987 - A post-authentication SQL Injection...
A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agents_modules_csv functionality. This issue affects Pandora FMS: from 700 through
CVE-2024-9987 - Pandora FMS SQL Injection
CVE ID : CVE-2024-9987 Published : Oct. 22, 2024, 9:15 a.m. 36 minutes ago Description : A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agents_modules_csv functionality. This issue affects Pandora FMS: from 700 through Severity: 0.0
CVE-2024-9987 | Artica Pandora FMS up to 777.2 agents_modules_csv filters sql injection
A vulnerability was found in Artica Pandora FMS up to 777.2 and classified as critical . Affected by this issue is some unknown functionality of the file extensions/agents_modules_csv . The manipulation of the argument filters leads to sql injection. This vulnerability is handled as CVE-2024-9987 . The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
CVE-2024-9987
A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agents_modules_csv functionality. This issue affects Pandora FMS: from 700 through <777.3.
CVE-2024-9987
A post-authentication SQL Injection vulnerability within the filters parameter of the extensions/agents_modules_csv functionality. This issue affects Pandora FMS: from 700 through...
See 1 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI