Vulnerability Details CVE-2019-13035
Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the current directory) as NT AUTHORITY\SYSTEM upon web requests to the portal. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.7%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
Products affected by CVE-2019-13035
- cpe:2.3:a:pandorafms:pandora_fms:-
- cpe:2.3:a:pandorafms:pandora_fms:1.2
- cpe:2.3:a:pandorafms:pandora_fms:1.3
- cpe:2.3:a:pandorafms:pandora_fms:1.3.1
- cpe:2.3:a:pandorafms:pandora_fms:2.0
- cpe:2.3:a:pandorafms:pandora_fms:2.1
- cpe:2.3:a:pandorafms:pandora_fms:2.1.1
- cpe:2.3:a:pandorafms:pandora_fms:3.0
- cpe:2.3:a:pandorafms:pandora_fms:3.1
- cpe:2.3:a:pandorafms:pandora_fms:3.2
- cpe:2.3:a:pandorafms:pandora_fms:3.2.1
- cpe:2.3:a:pandorafms:pandora_fms:4.0
- cpe:2.3:a:pandorafms:pandora_fms:4.0.1
- cpe:2.3:a:pandorafms:pandora_fms:4.0.2
- cpe:2.3:a:pandorafms:pandora_fms:4.0.3
- cpe:2.3:a:pandorafms:pandora_fms:4.1
- cpe:2.3:a:pandorafms:pandora_fms:4.1.1
- cpe:2.3:a:pandorafms:pandora_fms:5.0
- cpe:2.3:a:pandorafms:pandora_fms:5.1
- cpe:2.3:a:pandorafms:pandora_fms:6.0
- cpe:2.3:a:pandorafms:pandora_fms:7.0_ng
- cpe:2.3:a:pandorafms:pandora_fms:7.0_ng_703
- cpe:2.3:a:pandorafms:pandora_fms:7.0_ng_704
- cpe:2.3:a:pandorafms:pandora_fms:7.0_ng_705
- cpe:2.3:a:pandorafms:pandora_fms:7.0_ng_706
- cpe:2.3:a:pandorafms:pandora_fms:7.0_ng_707
- cpe:2.3:a:pandorafms:pandora_fms:7.0_ng_708
- cpe:2.3:a:pandorafms:pandora_fms:7.0_ng_709
- cpe:2.3:a:pandorafms:pandora_fms:7.0_ng_710
- cpe:2.3:a:pandorafms:pandora_fms:7.0_ng_711
- cpe:2.3:a:pandorafms:pandora_fms:7.0_ng_712
- cpe:2.3:a:pandorafms:pandora_fms:7.0_ng_713
- cpe:2.3:a:pandorafms:pandora_fms:7.0_ng_714
- cpe:2.3:a:pandorafms:pandora_fms:7.0_ng_715
- cpe:2.3:a:pandorafms:pandora_fms:7.0_ng_716
- cpe:2.3:a:pandorafms:pandora_fms:7.0_ng_717
- cpe:2.3:a:pandorafms:pandora_fms:7.0_ng_718
- cpe:2.3:a:pandorafms:pandora_fms:7.0_ng_719
- cpe:2.3:a:pandorafms:pandora_fms:7.0_ng_720
- cpe:2.3:a:pandorafms:pandora_fms:7.0_ng_721
- cpe:2.3:a:pandorafms:pandora_fms:7.0_ng_722
- cpe:2.3:a:pandorafms:pandora_fms:7.0_ng_723
- cpe:2.3:a:pandorafms:pandora_fms:7.0_ng_724
- cpe:2.3:a:pandorafms:pandora_fms:7.0_ng_725