CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-12971

Medium Severity
SVRS
30/100
CVSSv3
NA/10
EPSS
0.5518/1

CVE-2024-12971 is an OS Command Injection vulnerability in Pandora FMS versions 700 to 777.6. This improper neutralization of special elements allows attackers to execute arbitrary commands on the underlying operating system. Despite a CVSS score of 0, indicating minimal base severity, the vulnerability is tagged as "In The Wild", meaning it is actively being exploited. The SOCRadar Vulnerability Risk Score (SVRS) of 30 suggests a lower immediate risk compared to critical vulnerabilities, but active exploitation elevates the urgency. Attackers could leverage this flaw to gain unauthorized access, modify system configurations, or steal sensitive data. Although the SVRS isn't critical, the "In The Wild" tag suggests that organizations using affected Pandora FMS versions should prioritize patching and mitigation to prevent potential exploitation. Ignoring this flaw may lead to significant security breaches.

TAGS
In The Wild
VECTOR STRING
PUBLICATION DATE2025-03-17
LAST MODIFIED2025-03-17
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-12971 is a reserved CVE identifier, meaning a vulnerability has been identified but details are currently unavailable. The SOCRadar Vulnerability Risk Score (SVRS) is 38, indicating a low to moderate risk at this time. The absence of details means that its potential impact is currently unclear.

Key Insights

  1. Lack of Information: As a reserved CVE, there is currently no information regarding the vulnerable product, affected versions, or potential impact. This makes it impossible to assess the true risk or develop specific mitigation strategies at this time.
  2. Low Initial SVRS: The SVRS of 38 suggests that SOCRadar's vulnerability intelligence hasn't yet detected significant real-world exploitation, associated threat actors, or widespread discussion around the vulnerability. However, this can change rapidly once details are released.
  3. Potential for Escalation: The SVRS is subject to change. Once details about the vulnerability are released, the score could increase significantly if it proves to be easily exploitable or actively targeted.

Mitigation Strategies

  1. Monitor for Updates: Closely monitor trusted cybersecurity news sources, vendor security advisories, and vulnerability databases (like the National Vulnerability Database - NVD) for updates and details regarding CVE-2024-12971.
  2. Vulnerability Scanning: Once more information becomes available, utilize vulnerability scanning tools to determine if your systems are affected by the vulnerability.
  3. Patch Management: Develop a patch management plan that includes testing and deployment of security patches as soon as they become available from the vendor for CVE-2024-12971 or any other discovered vulnerabilities.

Additional Information

As CVE-2024-12971 is still a reserved CVE, further investigation and monitoring are crucial.

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

Metasploit Weekly Wrap-Up 04/11/2025
Diego Ledda2025-04-11
Metasploit Weekly Wrap-Up 04/11/2025 | Spring Exploits This weekly release of Metasploit Framework includes new RCE exploit modules for several vulnerable applications: Appsmith, a low-code application platform which contains a misconfiguration on PostgreSQL (CVE-2024-55964); Pandora FMS, a monitoring solution, where, once gained access to the administrator panel is possible to inject commands (CVE-2024-12971); Oracle AccessSpring Exploits <img alt="Metasploit
rapid7.com
rss
forum
news
CVE-2024-12971 | Artica Pandora FMS up to 777.6 command injection
vuldb.com2025-03-17
CVE-2024-12971 | Artica Pandora FMS up to 777.6 command injection | A vulnerability was found in Artica Pandora FMS up to 777.6 and classified as critical. This issue affects some unknown processing. The manipulation leads to command injection. The identification of this vulnerability is CVE-2024-12971. The attack may be initiated remotely. There is no exploit available.
vuldb.com
rss
forum
news

Social Media

15 new OPEN, 16 new PRO (15 + 1), Rusty Stealer, CVE-2024-12971, 2024-12992, 2024-54085, LandUpdate808, TA569, TA2726 and more. Thanks @Jane_0sint, @monitorsg https://t.co/lOTvSc8cTG
0
1
1
New post from https://t.co/uXvPWJyEiR (CVE-2024-12971 | Artica Pandora FMS up to 777.6 command injection) has been published on https://t.co/b1A2V0yMgo
0
0
0
CVE-2024-12971 Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection.This issue affects Pandora FMS from 700 to 777.6 https://t.co/Pami4gyLt1
0
0
1
[CVE-2024-12971: HIGH] Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection.This issue affects Pandora FMS from 700 to 777.6#cybersecurity,#vulnerability https://t.co/rhBrbLh1aL https://t.co/SnEsuJMW1s
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/

CWE Details

CWE IDCWE NameDescription
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence