CVE-2019-17501 - Centreon 19.04 Authenticated RCE
| Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field | |
| of main.php?p=60807&type=4 (aka the Configuration > Commands > Discovery screen). | |
| ------------------------------------------ | |
| [Additional Information] | |
| Once one has logged into Centreon: | |
| 1. navigate to: Configuration > Commands > Discovery OR http://ip-address/centreon/main.php?p=60807&type=4 | |
| 2. in the "Command Line" section put a command: e.g. "cat /etc/passwd" without quotes. | |
| 3. press the blue play icon under the "Command Line" section | |
| 4. a screen will appear and print the results of the given command in step 3 | |
| ------------------------------------------ | |
| [Vulnerability Type] | |
| Authentication Code Execution | |
| ------------------------------------------ | |
| [Vendor of Product] | |
| Centreon | |
| ------------------------------------------ | |
| [Affected Product Code Base] | |
| IT & Network Monitoring - 19.04 | |
| ------------------------------------------ | |
| [Attack Type] | |
| Remote | |
| ------------------------------------------ | |
| [Impact Code execution] | |
| True | |
| ------------------------------------------ | |
| [Identified by] | |
| sinfulz & payl0ad |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment