CVE-2019-17642

Published Mar 5, 2020

Last updated 6 months ago

CVSS high 8.8

Overview

Description: An issue was discovered in Centreon before 18.10.8, 19.10.1, and 19.04.2. It allows CSRF with resultant remote command execution via shell metacharacters in a POST to centreon-autodiscovery-server/views/scan/ajax/call.php in the Autodiscovery plugin.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-78

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:centreon:centreon:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "563111C0-CAC9-473C-A1AC-51F2C45195D3",
            "versionEndExcluding": "18.10.8",
            "versionStartIncluding": "18.0.0"
          },
          {
            "criteria": "cpe:2.3:a:centreon:centreon:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "216B2443-88E7-4536-815E-433965A671A3",
            "versionEndExcluding": "19.04.2",
            "versionStartIncluding": "19.04.0"
          },
          {
            "criteria": "cpe:2.3:a:centreon:centreon:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D901ECC6-2E0C-44FE-BCD2-3463A0CD0914",
            "versionEndExcluding": "19.10.1",
            "versionStartIncluding": "19.10.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References