Fixed version
761.0.1
CVE-2022-2059 describes a Stored Cross-Site Scripting (XSS) vulnerability affecting Pandora FMS versions 7.0NG.761 and earlier. An attacker with administrator privileges can exploit this flaw by injecting malicious scripts through the agent alias parameter. This vulnerability could allow an attacker to execute arbitrary JavaScript code within the context of another user's session, potentially leading to account compromise or website defacement. A patch is available to resolve this issue.
The primary impact of CVE-2022-2059 is the potential for an attacker to execute arbitrary JavaScript code within the Pandora FMS web interface. This can be achieved by crafting a malicious script and injecting it through the agent alias field during agent creation. Successful exploitation could allow an attacker to steal session cookies, impersonate legitimate administrators, modify system configurations, or deface the web interface. The requirement for administrator privileges limits the immediate blast radius, but a compromised administrator account could grant access to sensitive data and systems managed by Pandora FMS. While no public exploits are currently known, the ease of exploitation makes this a concerning vulnerability, particularly for organizations relying on Pandora FMS for critical monitoring and alerting.
CVE-2022-2059 was publicly disclosed on July 25, 2022. The vulnerability is considered LOW severity according to CVSS. Currently, there are no known active campaigns exploiting this vulnerability, and no public proof-of-concept exploits have been released. It is not listed on the CISA KEV catalog at the time of this writing. The requirement for administrator privileges is a significant barrier to exploitation, but the ease of injection makes it a potential target for insider threats or attackers who have already gained a foothold within the network.
Organizations heavily reliant on Pandora FMS for system monitoring and alerting are at risk, particularly those with a large number of administrator accounts or those who have not implemented strong access controls. Shared hosting environments where multiple users share a single Pandora FMS instance are also at increased risk, as a compromised administrator account could potentially impact all users on the shared server.
• nagios / web: Examine Pandora FMS access logs for unusual activity related to agent creation, specifically looking for requests containing suspicious characters or script tags in the alias parameter.
• generic web: Use curl to test agent creation endpoints with a simple XSS payload in the alias field. Check the response for signs that the payload was stored without escaping (rendered in a browser, it would produce an alert box).
curl -X POST -d "alias=<script>alert('XSS')</script>" <pandora_fms_agent_creation_url>
• generic web: Review Pandora FMS error logs for any JavaScript errors or exceptions that might indicate a successful XSS attack.
disclosure
patch
Exploitation status
EPSS
0.61% (70th percentile)
CVSS vector
The primary mitigation for CVE-2022-2059 is to upgrade to a patched version of Pandora FMS. Refer to the vendor's advisory for the specific version containing the fix. If upgrading immediately is not feasible, consider implementing strict input validation on the agent alias field to sanitize any potentially malicious characters. While not a complete solution, this can reduce the attack surface. Additionally, review and restrict administrator privileges to the minimum necessary for each user. Monitor web application firewalls (WAFs) for suspicious activity related to script injection attempts. After upgrading, confirm the vulnerability is resolved by attempting to create an agent with a specially crafted alias containing a simple JavaScript payload (e.g., <script>alert('XSS')</script>).
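The log review suggested above and the interim input validation described here can both be exercised with the following added example (not Pandora FMS code). It assumes a combined-format access log, treats the `sec2=godmode/agentes/configurar_agente` path and the alias allowlist policy as assumptions, and uses constructed log lines; note that access logs only expose an alias sent in the query string, so POST bodies need request-body logging (e.g. a WAF audit log) to be checked the same way.

```python
import re
from urllib.parse import parse_qs, urlsplit, unquote_plus

# Markers of script injection in a stored text field such as the agent alias.
SUSPICIOUS = re.compile(
    r"<\s*/?\s*(script|img|svg|iframe|object|embed)\b"  # tags that can run script
    r"|\bon[a-z]+\s*="                                   # inline event handlers
    r"|javascript\s*:"                                   # javascript: URIs
    r"|&#x?[0-9a-f]+;",                                  # numeric entities hiding '<'
    re.IGNORECASE,
)

# Interim allowlist for the alias field (assumed site policy: letters, digits,
# space, dot, dash, underscore; 1-100 characters). Allowlist, not denylist.
ALIAS_OK = re.compile(r"^[A-Za-z0-9 ._-]{1,100}$")

def alias_is_valid(alias: str) -> bool:
    """Server-side validation to apply before storing an alias."""
    return bool(ALIAS_OK.fullmatch(alias))

# Apache/nginx combined log format; only the request line is needed.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def suspicious_alias_requests(lines):
    """Return (ip, timestamp, decoded alias) for requests whose alias parameter
    contains script markers or fails the allowlist."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a recognisable access-log line
        query = urlsplit(m["target"]).query
        for alias in parse_qs(query, keep_blank_values=True).get("alias", []):
            decoded = unquote_plus(alias)  # second pass catches double-encoding
            if SUSPICIOUS.search(decoded) or not alias_is_valid(decoded):
                hits.append((m["ip"], m["ts"], decoded))
    return hits

# Constructed sample lines (not real traffic); the sec2 path is an assumption
# standing in for the console's agent creation page.
BASE = '"GET /pandora_console/index.php?sec=gagente&sec2=godmode/agentes/configurar_agente'
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Jul/2022:10:01:02 +0000] ' + BASE + '&alias=web-frontend-01 HTTP/1.1" 200 5120',
    '10.0.0.7 - - [25/Jul/2022:10:03:44 +0000] ' + BASE + '&alias=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E HTTP/1.1" 200 5132',
    '10.0.0.9 - - [25/Jul/2022:10:05:10 +0000] ' + BASE + '&alias=db01%22%20onmouseover%3D%22alert%281%29 HTTP/1.1" 200 5130',
    '10.0.0.3 - - [25/Jul/2022:10:06:00 +0000] "GET /pandora_console/index.php?sec=view HTTP/1.1" 200 8000',
]

if __name__ == "__main__":
    for ip, ts, alias in suspicious_alias_requests(SAMPLE_LOG):
        print(f"{ts} {ip} suspicious alias: {alias!r}")
```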
Upgrade Pandora FMS to a version later than 761 to fix the stored XSS vulnerability. This will prevent an attacker with administrator privileges from exploiting the vulnerability through the alias parameter in the agent creation section.
CVE-2022-2059 is a Stored Cross-Site Scripting vulnerability in Pandora FMS versions 7.0NG.761 and earlier, allowing an administrator to inject malicious scripts.
You are affected if you are running Pandora FMS version 7.0NG.761 or earlier and have administrator privileges.
Upgrade to a patched version of Pandora FMS as recommended by the vendor. Implement input validation as a temporary workaround.
Currently, there are no known active campaigns or public exploits for CVE-2022-2059.
Refer to the Pandora FMS security advisories page for the latest information and patch releases: [https://pandorafms.com/security-advisories/](https://pandorafms.com/security-advisories/)