Plateforme
nagios
Composant
pandora-fms
Corrigé dans
761.0.1
CVE-2022-2032 describes a Stored Cross-Site Scripting (XSS) vulnerability affecting Pandora FMS versions up to and including v7.0NG.761. This flaw resides within the file manager section, allowing an attacker with administrator privileges to inject malicious scripts. The vulnerability was publicly disclosed on July 25, 2022, and a fix is available via upgrading to a patched version.
Successful exploitation of CVE-2022-2032 allows an attacker, possessing administrator access to the Pandora FMS system, to inject arbitrary JavaScript code into the application. This code will then be executed in the context of other users' browsers when they access the affected file manager section. The impact ranges from session hijacking and defacement to potentially gaining access to sensitive data stored within the Pandora FMS system. While the CVSS score is LOW, the requirement for administrator privileges means the attack requires prior compromise or credential theft, increasing the complexity but not eliminating the risk.
CVE-2022-2032 is not currently listed on the CISA KEV catalog. Public proof-of-concept (POC) code is not widely available, suggesting limited active exploitation. The vulnerability was disclosed in July 2022, and while it has been publicly known for some time, there's no widespread evidence of active campaigns targeting it. The LOW CVSS score and requirement for administrator privileges likely contribute to this.
Organizations heavily reliant on Pandora FMS for monitoring and alerting, particularly those with legacy deployments running versions prior to the patch release, are at risk. Environments where administrator accounts have weak passwords or are not properly secured are also more vulnerable.
• nagios / server:
journalctl -u pandora_fms -g 'file manager' | grep -i 'script' • nagios / server:
ps aux | grep -i 'dirname parameter'• generic web: Inspect Pandora FMS file manager URLs for unusual query parameters or file names that might indicate XSS attempts. • generic web: Review Pandora FMS access logs for requests containing suspicious JavaScript code within file manager parameters.
disclosure
Statut de l'Exploit
EPSS
0.61% (percentile 70%)
Vecteur CVSS
The primary mitigation for CVE-2022-2032 is to upgrade Pandora FMS to a version that includes the security patch. Consult the official Pandora FMS advisory for the specific patched version number. If immediate upgrading is not possible, consider implementing strict input validation and output encoding within the file manager section to sanitize user-supplied data. While a WAF might offer some protection, it's not a substitute for patching. Regularly review file manager access logs for suspicious activity.
Actualice Pandora FMS a una versión posterior a la 761. Esto solucionará la vulnerabilidad XSS almacenada en el administrador de archivos.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2022-2032 is a Stored Cross-Site Scripting vulnerability in Pandora FMS versions 7.0NG.761 and earlier, allowing administrators to inject malicious scripts via the file manager.
You are affected if you are running Pandora FMS versions 7.0NG.761 or earlier. Check your version and upgrade as soon as possible.
Upgrade Pandora FMS to a patched version that addresses this vulnerability. Consult the official Pandora FMS advisory for the specific patched version.
There is no widespread evidence of active exploitation, but the vulnerability remains a potential risk.
Refer to the official Pandora FMS security advisories on their website for details and the patched version.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.