CVE-2021-34074

9.8 CRITICAL

📋 TL;DR

PandoraFMS versions up to 7.54 contain an arbitrary file upload vulnerability in the File Manager component. Attackers can bypass built-in protections using relative paths to upload malicious files, leading to remote command execution. Organizations running affected PandoraFMS versions are at risk.

💻 Affected Systems

Products:
  • PandoraFMS
Versions: <= 7.54
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All installations up to version 7.54 are vulnerable by default. The File Manager component is typically accessible to authenticated users.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining root/system privileges, data exfiltration, lateral movement across network, and persistent backdoor installation.

🟠 Likely Case

Unauthorized file upload leading to web shell deployment, command execution with web server privileges, and potential privilege escalation.

🟢 If Mitigated

Limited impact with proper network segmentation, file upload restrictions, and monitoring preventing successful exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authentication but is straightforward once access is obtained. The bypass technique using relative paths is well-documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.55 and later

Vendor Advisory: https://pandorafms.com/blog/pandora-fms-755-release/

Restart Required: Yes

Instructions:

1. Back up the current configuration and data.
2. Download PandoraFMS 7.55 or later from the official repository.
3. Follow the upgrade documentation for your platform.
4. Restart the PandoraFMS services.
5. Verify that the upgrade completed successfully.

🔧 Temporary Workarounds

Disable File Manager
Platform: all

Temporarily disable the vulnerable File Manager component.

# Edit PandoraFMS configuration to disable file manager access

Restrict File Upload Types
Platform: all

Implement strict file type validation and upload restrictions.

# Configure web server to block uploads of executable file types

🧯 If You Can't Patch

  • Implement strict network access controls to limit PandoraFMS access to trusted IPs only
  • Deploy WAF rules to block file upload attempts with relative paths and suspicious patterns

🔍 How to Verify

Check if Vulnerable:

Check PandoraFMS version via web interface or configuration files. If version is 7.54 or lower, system is vulnerable.

Check Version:

grep 'version' /etc/pandora/pandora_server.conf

Alternatively, check the version via the web interface.

Verify Fix Applied:

Verify version is 7.55 or higher and test file upload functionality with restricted file types.

📡 Detection & Monitoring

Log Indicators:

  • File upload attempts with relative paths
  • Unusual file creation in upload directories
  • Execution of unexpected system commands

Network Indicators:

  • HTTP POST requests to file manager endpoints with suspicious file extensions
  • Outbound connections from PandoraFMS server to unexpected destinations

SIEM Query:

source="pandorafms" AND (url="*file_manager*" OR file_upload="*") AND (path="../" OR extension="php|jsp|asp")
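The log and network indicators above, turned into a small detector run over constructed access-log lines: it flags POSTs to the File Manager whose parameters carry a relative-path segment (including percent- and double-encoded forms) or a server-side executable extension. This is an added example, not code from this page or from PandoraFMS; the console path and the real_directory/filename parameter names are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed Apache-style access-log lines (not real traffic). The console path and
# the "real_directory" / "filename" parameter names are assumptions for this demo.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jun/2021:10:00:01 +0000] "GET /pandora_console/index.php?sec2=godmode/setup/file_manager HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [01/Jun/2021:10:00:09 +0000] "POST /pandora_console/index.php?sec2=godmode/setup/file_manager&real_directory=images/../../../ HTTP/1.1" 200 310 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [01/Jun/2021:10:01:15 +0000] "POST /pandora_console/index.php?sec2=godmode/setup/file_manager&real_directory=%252e%252e%252f&filename=cmd.php HTTP/1.1" 200 310 "-" "curl/7.68.0"',
    '10.0.0.9 - - [01/Jun/2021:10:02:00 +0000] "POST /pandora_console/index.php?sec2=godmode/setup/file_manager&real_directory=images HTTP/1.1" 200 310 "-" "Mozilla/5.0"',
]

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})')
# "../" or "..\" as a path segment at the start, middle or end of a parameter value.
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')
# Server-side executable extensions from the page's SIEM query, plus common variants.
EXEC_EXT_RE = re.compile(r'\.(php\d?|phtml|jsp|jspx|asp|aspx)$', re.IGNORECASE)

def decode_fully(value, rounds=3):
    """Undo percent-encoding repeatedly so double-encoded "%252e%252e%252f" is caught too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def analyse_line(line):
    """Return a finding dict for a suspicious File Manager POST, or None."""
    m = LOG_RE.match(line)
    if m is None or m.group("method") != "POST":
        return None
    url = decode_fully(m.group("url"))  # decode the whole URL first, deliberately
    if "file_manager" not in url:
        return None
    reasons = []
    for key, values in parse_qs(urlsplit(url).query).items():
        for v in values:
            if TRAVERSAL_RE.search(v):
                reasons.append(f"relative path in {key}={v!r}")
            if EXEC_EXT_RE.search(v):
                reasons.append(f"executable extension in {key}={v!r}")
    if not reasons:
        return None
    # Status is kept so a 200 on a traversal attempt stands out from a blocked 403.
    return {"ip": m.group("ip"), "time": m.group("ts"), "status": m.group("status"), "reasons": reasons}

def scan(lines):
    return [hit for hit in (analyse_line(line) for line in lines) if hit]
```

Run `scan()` over the web server access log for the console; multipart file names do not appear in an access log, so pair this with the application-side indicators listed above.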
