CVE-2014-125124

CRITICAL EPSS 76.4%

Published Jul 31, 202511mo ago · Modified Jun 17, 20261w ago

10.0 CVSS 4.0

Critical

Published Jul 31, 2025 11mo ago

Last Modified Jun 17, 2026 1w ago

Description

An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web interface, which listens on TCP port 8023. The anyterm-module endpoint accepts unsanitized user input via the p parameter and directly injects it into a shell command, allowing arbitrary command execution as the pandora user. In certain versions (notably 4.1 and 5.0RC1), the pandora user can elevate privileges to root without a password using a chain involving the artica user account. This account is typically installed without a password and is configured to run sudo without authentication. Therefore, full system compromise is possible without any credentials.

CVSS Details

Base Score

10.0

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

76.4% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-306 Missing Authentication for Critical Function Authentication

CWE-78 OS Command Injection Injection

References 3

raw.githubusercontent.com https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/pandora_fms_exec.rb
exploit-db.com https://www.exploit-db.com/exploits/31518
vulncheck.com https://www.vulncheck.com/advisories/pandora-fms-anyterm-unauth-command-injection

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.