CVE-2019-13035 : What You Need to Know

Learn about CVE-2019-13035, a local privilege escalation vulnerability in Artica Pandora FMS 7.0 NG versions prior to 735 that allows unauthorized users to elevate their privileges to NT AUTHORITY\SYSTEM. Find mitigation steps and preventive measures here.

Artica Pandora FMS 7.0 NG versions prior to 735 are vulnerable to a local privilege escalation issue caused by incorrect permissions, which allows users to elevate their privileges to NT AUTHORITY\SYSTEM.

Understanding CVE-2019-13035

This CVE involves a vulnerability in Artica Pandora FMS 7.0 NG that enables users with limited privileges to escalate their access rights.

What is CVE-2019-13035?

The vulnerability in Artica Pandora FMS 7.0 NG versions before 735 allows regular users to create new files and execute commands as NT AUTHORITY\SYSTEM, leading to privilege escalation.

The Impact of CVE-2019-13035

The vulnerability permits unauthorized users to gain elevated privileges, potentially compromising the system's security and integrity.

Technical Details of CVE-2019-13035

Artica Pandora FMS 7.0 NG versions prior to 735 are susceptible to a local privilege escalation vulnerability.

Vulnerability Description

The flaw arises from incorrect permissions on the C:\PandoraFMS directory and its sub-folders, enabling users to create files and execute commands as NT AUTHORITY\SYSTEM.

Affected Systems and Versions

        Product: Artica Pandora FMS 7.0 NG
        Versions: Prior to 735

Exploitation Mechanism

        Users with limited privileges can create files and execute commands as NT AUTHORITY\SYSTEM by leveraging the Apache service httpd.exe.

Mitigation and Prevention

To address CVE-2019-13035, follow these steps:

Immediate Steps to Take

        Apply the vendor-supplied patch or update to version 735 or later.
        Restrict access to the vulnerable directories to authorized personnel only.

Long-Term Security Practices

        Regularly review and adjust file permissions to adhere to the principle of least privilege.
        Conduct security audits to identify and remediate similar vulnerabilities.
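
A read-only way to carry out the directory restriction check and the recurring permission review described above, as an added example that is not from the original page or from Pandora FMS. The list of low-privileged SIDs and the function name `Get-WeakAcl` are assumptions chosen for illustration; the default path is the one named in this advisory.

```powershell
# Added example: report write-capable ACEs held by low-privileged principals
# on C:\PandoraFMS and its sub-folders. Reads ACLs only; changes nothing.
param([string]$Root = 'C:\PandoraFMS')

# Well-known SIDs (assumed set), matched by SID so localized group names still hit.
$LowPriv = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# WriteData (= CreateFiles) and AppendData (= CreateDirectories) let a user
# place new content in a folder. The raw GENERIC_WRITE (0x40000000) and
# GENERIC_ALL (0x10000000) bits are included because some ACEs carry them unmapped.
$WriteMask = ([int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData') -bor 0x40000000 -bor 0x10000000

function Get-WeakAcl {
    param([string]$Path)
    $dirs = @(Get-Item -LiteralPath $Path) +
            @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($dir in $dirs) {
        $acl = Get-Acl -LiteralPath $dir.FullName
        # Explicit and inherited rules, with identities returned as SIDs.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $sid = $rule.IdentityReference.Value
            if ($rule.AccessControlType -ne 'Allow') { continue }   # Deny ACEs are not evaluated here
            if (-not $LowPriv.ContainsKey($sid)) { continue }
            if (([int]$rule.FileSystemRights -band $WriteMask) -eq 0) { continue }
            [pscustomobject]@{
                Path      = $dir.FullName
                Principal = $LowPriv[$sid]
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $Root)) { "$Root not found on this host"; return }
$findings = @(Get-WeakAcl -Path $Root)
if ($findings.Count -eq 0) { "No low-privileged write access found under $Root" }
else { $findings | Sort-Object Path, Principal | Format-Table -AutoSize }
```

Any row in the output means a non-administrative principal can still write into the tree; an `Inherited` value of `True` points to the parent folder's ACL as the place to correct it.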

Patching and Updates

        Ensure timely installation of security patches and updates to mitigate known vulnerabilities.
