Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Artica Pandora FMS 7.0 NG before 735 suffers from local privilege escalation due to improper permissions on C:\PandoraFMS and its sub-folders, allowing standard users to create new files. Moreover, the Apache service httpd.exe will try to execute cmd.exe from C:\PandoraFMS (the current directory) as NT AUTHORITY\SYSTEM upon web requests to the portal. This will effectively allow non-privileged users to escalate privileges to NT AUTHORITY\SYSTEM.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Artica Pandora FMS 权限许可和访问控制问题漏洞
Vulnerability Description
Artica Pandora FMS是西班牙Artica公司的一套监控系统。该系统通过可视化的方式监控网络、服务器、虚拟基础架构和应用程序等。 Artica Pandora FMS 7.0 NG 734及之前版本中存在提权漏洞,该漏洞源于程序为C:PandoraFMS及其子文件夹分配了不当的权限。攻击者可利用该漏洞创建新的文件并将权限提升至NT AUTHORITYSYSTEM权限。
CVSS Information
N/A
Vulnerability Type
N/A