CVE-2014-125124
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-31

Last updated on: 2025-07-31

Assigner: VulnCheck

Description
An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web interface, which listens on TCP port 8023. The anyterm-module endpoint accepts unsanitized user input via the p parameter and directly injects it into a shell command, allowing arbitrary command execution as the pandora user. In certain versions (notably 4.1 and 5.0RC1), the pandora user can elevate privileges to root without a password using a chain involving the artica user account. This account is typically installed without a password and is configured to run sudo without authentication. Therefore, full system compromise is possible without any credentials.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-31
Last Modified
2025-07-31
Generated
2026-05-06
AI Q&A
2025-07-31
EPSS Evaluated
2026-05-05
NVD
CVE-2014-125124
EUVD
EUVD-2014-9814
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
pandora_fms pandora_fms 5.0rc1
pandora_fms pandora_fms 4.0
pandora_fms pandora_fms 4.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an unauthenticated remote command execution flaw in Pandora FMS versions up to 5.0RC1 via the Anyterm web interface on TCP port 8023. The vulnerability arises because the anyterm-module endpoint accepts unsanitized user input through the 'p' parameter and injects it directly into a shell command. This allows an attacker to execute arbitrary commands as the 'pandora' user. In some versions, the 'pandora' user can escalate privileges to root without a password by exploiting the 'artica' user account, which is typically passwordless and configured to run sudo without authentication. This leads to full system compromise without any credentials.


How can this vulnerability impact me? :

This vulnerability can lead to full system compromise without any credentials. An attacker can remotely execute arbitrary commands on the affected system as the 'pandora' user and potentially escalate privileges to root, gaining complete control over the system. This can result in unauthorized access, data theft, system manipulation, and disruption of services.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart