Pandora FMS authenticated command injection leading to RCE via LDAP using default DB password
Description
Pandora FMS is a monitoring solution that provides full observability for your organization's technology. This module exploits an command injection vulnerability in the LDAP authentication mechanism of Pandora FMS. You need have admin access at the Pandora FMS Web application in order to execute this RCE. This access can be achieved leveraging a default password vulnerability in Pandora FMS that allows an attacker to access the Pandora FMS MySQL database, create a new admin user and gain administrative access to the Pandora FMS Web application. This attack can be remotely executed over the WAN as long as the MySQL services are exposed to the outside world. This issue affects Community, Free and Enterprise editions: from v7.0NG.718 through <= v7.0NG.777.4
Author(s)
- h00die-gr3y <h00die.gr3y@gmail.com>
- Askar mhaskar
Platform
Linux,PHP,Unix
Architectures
cmd, php
Development
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/linux/http/pandora_fms_auth_rce_cve_2024_11320
msf exploit(pandora_fms_auth_rce_cve_2024_11320) > show targets
...targets...
msf exploit(pandora_fms_auth_rce_cve_2024_11320) > set TARGET < target-id >
msf exploit(pandora_fms_auth_rce_cve_2024_11320) > show options
...show and set options...
msf exploit(pandora_fms_auth_rce_cve_2024_11320) > exploit
- Collect and share all the information you need to conduct a successful and efficient penetration test
- Simulate complex attacks against your systems and users
- Test your defenses to make sure they’re ready
- Automate Every Step of Your Penetration Test
Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.
– Jim O’Gorman | President, Offensive Security