CVE-2023-2807 MEDIUM

CVE-2023-2807: Authentication bypass in password reset process

Vendor: Artica Pfms
Product: Pandora FMS
Weakness: CWE-290
Published: June 13, 2023
Last update: January 3, 2025

CVSS base score

6.4/10
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L

What the vulnerability does

01 Description

An Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS allows an unauthenticated attacker to initiate a password reset process for any user account without proper authentication. This issue affects PandoraFMS v771 and prior versions on all platforms.

Key dates

02 Disclosure timeline

June 13, 2023: CVE published
January 3, 2025: Record updated