CVE-2014-125124

Pandora FMS <= 5.0RC1 Anyterm Unauthenticated Command Injection

CVSS 10 CRITICALEPSS 1.8%CWE-306 CWE-78

Vexday Risk Score

63Prioridad alta

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS 10EPSS 1.8%KEV nãoPoC públicaNuclei —Metasploit simPatch —

Ciclo de vida

29 ene 2014Exploit Metasploit disponible

31 jul 2025Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web interface, which listens on TCP port 8023. The anyterm-module endpoint accepts unsanitized user input via the p parameter and directly injects it into a shell command, allowing arbitrary command execution as the pandora user. In certain versions (notably 4.1 and 5.0RC1), the pandora user can elevate privileges to root without a password using a chain involving the artica user account. This account is typically installed without a password and is configured to run sudo without authentication. Therefore, full system compromise is possible without any credentials.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Productos afectados

Artica ST · Pandora FMS

PoCs públicas encontradas — 2

cve_referenceraw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/pandora_fms_exec.rbno verificado cve_referencewww.exploit-db.com/exploits/31518no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/pandora_fms_exec.rb https://www.exploit-db.com/exploits/31518 https://www.vulncheck.com/advisories/pandora-fms-anyterm-unauth-command-injection