CVE-2023-41790

7.6 HIGH

📋 TL;DR

This vulnerability allows attackers to manipulate Pandora FMS's configuration file search paths, potentially accessing the server configuration file and compromising the database. It affects all Pandora FMS installations running versions 700 through 773.

💻 Affected Systems

Products:
  • Pandora FMS
Versions: 700 through 773
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All installations within the affected version range are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full database compromise leading to data theft, system takeover, and lateral movement within the network.

🟠 Likely Case

Unauthorized access to sensitive configuration data and database credentials, enabling further exploitation.

🟢 If Mitigated

Limited impact if proper file permissions and network segmentation are implemented.

🌐 Internet-Facing: HIGH - Internet-facing instances are directly accessible to attackers.
🏢 Internal Only: MEDIUM - Internal instances require initial network access but pose significant risk once compromised.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires understanding of Pandora FMS's file structure and search path manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 774 or later

Vendor Advisory: https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/

Restart Required: Yes

Instructions:

1. Back up your current installation.
2. Download version 774 or later from the official Pandora FMS website.
3. Follow the upgrade instructions in the documentation.
4. Restart the Pandora FMS services.

🔧 Temporary Workarounds

Restrict File Permissions (Linux)

Set strict file permissions on configuration files to prevent unauthorized access.

chmod 600 /etc/pandora/pandora_server.conf
chown root:root /etc/pandora/pandora_server.conf
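
A check that the permission workaround above is actually in effect, as an added example rather than vendor code. The function name `audit_conf` and its exit codes are assumptions made here; it relies on GNU `stat` and defaults to the root:root owner set by the chown command above.

```shell
#!/bin/sh
# Added example: audit the permission workaround on a configuration file.
# Usage: audit_conf /etc/pandora/pandora_server.conf
# Assumes GNU stat (Linux), matching the platform of the workaround.

# audit_conf FILE [EXPECTED_OWNER]
# Returns 0 when FILE is a regular, non-symlink file owned by EXPECTED_OWNER
# (default root:root) with no group/other permission bits set.
# Returns 1 on a finding, 2 when the file cannot be inspected.
audit_conf() {
    conf=$1
    want_owner=${2:-root:root}
    status=0

    # A symlink would make the mode check apply to the wrong object.
    if [ -L "$conf" ]; then
        echo "FINDING: $conf is a symlink; audit the target instead"
        return 1
    fi
    if [ ! -f "$conf" ]; then
        echo "ERROR: $conf is not a regular file"
        return 2
    fi

    meta=$(stat -c '%a %U:%G' "$conf") || return 2
    mode=${meta%% *}     # octal mode, e.g. 600
    owner=${meta#* }     # user:group, e.g. root:root

    # The last two octal digits are the group and other bits; both must be 0.
    case $mode in
        *00|0) ;;
        *) echo "FINDING: $conf mode $mode grants group/other access"
           status=1 ;;
    esac
    if [ "$owner" != "$want_owner" ]; then
        echo "FINDING: $conf owned by $owner, expected $want_owner"
        status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: $conf mode $mode owner $owner"
    return "$status"
}
```
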

Network Segmentation (all platforms)

Isolate Pandora FMS servers from untrusted networks and limit access to trusted IPs only.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the Pandora FMS server.
  • Monitor file access logs for unauthorized attempts to read configuration files.

🔍 How to Verify

Check if Vulnerable:

Check the Pandora FMS version via the web interface or by examining the installation directory.

Check Version:

grep 'version' /usr/share/pandora_server/PANDORA_VERSION.def 2>/dev/null || echo 'Check web interface'

Verify Fix Applied:

Confirm the version is 774 or higher and test that configuration files cannot be accessed via unauthorized paths.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns to configuration files
  • Failed authentication attempts followed by configuration file access

Network Indicators:

  • Unexpected connections to Pandora FMS ports from untrusted sources

SIEM Query:

source="pandora.log" AND (event="config_access" OR file_path="/etc/pandora/*")
