CVE-2024-35308

8.8 HIGH

📋 TL;DR

This vulnerability allows authenticated attackers to read arbitrary files on Pandora FMS servers through the plugin edition feature. It affects Pandora FMS versions 700 through 777.2, potentially exposing sensitive configuration files, credentials, or system data.

💻 Affected Systems

Products:
  • Pandora FMS
Versions: 700 through 777.2
Operating Systems: Linux, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authentication to exploit. Plugin edition feature must be accessible.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could read sensitive system files like /etc/passwd, /etc/shadow, configuration files containing database credentials, or private keys, leading to full system compromise.

🟠

Likely Case

Authenticated users or attackers who gain credentials could exfiltrate sensitive configuration data, potentially enabling further attacks or data breaches.

🟢

If Mitigated

With proper access controls and network segmentation, impact is limited to the Pandora FMS application server only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Post-authentication vulnerability requiring valid credentials. Path traversal techniques likely involved.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 777.3

Vendor Advisory: https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/

Restart Required: Yes

Instructions:

1. Back up your Pandora FMS installation and database.
2. Download version 777.3 from official sources.
3. Follow the Pandora FMS upgrade documentation.
4. Restart Pandora FMS services.

🔧 Temporary Workarounds

Disable Plugin Edition Feature

Applies to: all

Temporarily disable the vulnerable plugin edition functionality.

# Modify Pandora FMS configuration to restrict plugin management

Restrict Access to Admin Interface

Applies to: all

Limit access to the Pandora FMS admin interface to trusted IPs only.

# Configure firewall rules or web server access controls

🧯 If You Can't Patch

  • Implement strict access controls and network segmentation for Pandora FMS servers
  • Monitor for unusual file access patterns and implement file integrity monitoring

🔍 How to Verify

Check if Vulnerable:

Check Pandora FMS version via web interface or console. Versions 700-777.2 are vulnerable.

Check Version:

Run pandora_console --version, or check the About page in the web interface.

Verify Fix Applied:

Verify version is 777.3 or later and test plugin edition functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in plugin logs
  • Multiple failed authentication attempts followed by plugin access

Network Indicators:

  • Unusual outbound data transfers from Pandora FMS server
  • Requests to plugin endpoints with path traversal patterns

SIEM Query:

source="pandora_fms" AND (event="plugin_edit" OR event="file_read") AND path CONTAINS ".."
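The SIEM query above expresses the detection idea in pseudo-syntax. The following Python script is an added example, not part of this advisory or of Pandora FMS itself, showing how the same rule can be applied to web-server access logs: it fully decodes query parameters (including double percent-encoding) and flags requests to the plugin-management page whose parameters contain a ".." path segment. The console URL, the sec2 value and the parameter name are assumptions made for illustration, and the log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines in combined log format. The endpoint path
# (sec2=godmode/servers/plugin) and the plugin_command parameter are assumptions
# for illustration and are not taken from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - admin [12/Jun/2024:10:01:02 +0000] "GET /pandora_console/index.php?sec=gservers&sec2=godmode/servers/plugin&plugin_id=3 HTTP/1.1" 200 4321
10.0.0.5 - admin [12/Jun/2024:10:01:09 +0000] "GET /pandora_console/index.php?sec=gservers&sec2=godmode/servers/plugin&plugin_command=../../../../etc/passwd HTTP/1.1" 200 1180
10.0.0.7 - ops [12/Jun/2024:10:02:30 +0000] "GET /pandora_console/index.php?sec=gservers&sec2=godmode/servers/plugin&plugin_command=..%2F..%2F..%2Fetc%2Fshadow HTTP/1.1" 200 900
10.0.0.7 - ops [12/Jun/2024:10:02:45 +0000] "GET /pandora_console/index.php?sec=gservers&sec2=godmode/servers/plugin&plugin_command=%252e%252e%2F%252e%252e%2Fetc%2Fpasswd HTTP/1.1" 200 900
10.0.0.9 - viewer [12/Jun/2024:10:03:00 +0000] "GET /pandora_console/index.php?sec=view&sec2=operation/agentes/estado_agente HTTP/1.1" 200 5000
"""

# Combined log format: client, ident, user, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# A ".." path segment after decoding and slash normalisation.
TRAVERSAL_RE = re.compile(r'(?:^|/)\.\.(?:/|$)')


def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (e.g. %252e -> %2e -> .) until it is stable."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_log(log_text, endpoint_marker="godmode/servers/plugin"):
    """Return one hit per query parameter that carries a traversal segment
    in a request to the plugin-management endpoint."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        target = m.group("target")
        # Only requests to the plugin page are in scope for this rule.
        if endpoint_marker not in fully_decode(target):
            continue
        query = urlsplit(target).query
        # parse_qs decodes one layer; fully_decode handles the remaining ones.
        for param, values in parse_qs(query, keep_blank_values=True).items():
            for raw in values:
                decoded = fully_decode(raw).replace("\\", "/")
                if TRAVERSAL_RE.search(decoded):
                    hits.append({
                        "ip": m.group("ip"),
                        "user": m.group("user"),
                        "param": param,
                        "value": decoded,
                        "status": int(m.group("status")),
                    })
    return hits


def suspicious_users(hits):
    """Accounts that issued at least one flagged request, for follow-up review."""
    return sorted({h["user"] for h in hits})


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f'{hit["ip"]} {hit["user"]} {hit["param"]}={hit["value"]} (HTTP {hit["status"]})')
    print("review accounts:", suspicious_users(scan_log(SAMPLE_LOG)))
```

Successful responses (HTTP 200) to flagged requests deserve priority, since on an unpatched server they may indicate that file contents were actually returned; the accounts listed by suspicious_users are the natural starting point for credential review.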

🔗 References