CVE-2014-3829 — HIGH (10.0)

Vulnerability Description

displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Merethis	Centreon	2.5.1
Merethis	Centreon Enterprise Server	2.2

Related Weaknesses (CWE)

CWE-94

References

http://seclists.org/fulldisclosure/2014/Oct/78Exploit
http://www.kb.cert.org/vuls/id/298796Third Party AdvisoryUS Government Resource
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreo
https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffd
http://seclists.org/fulldisclosure/2014/Oct/78Exploit
http://www.kb.cert.org/vuls/id/298796Third Party AdvisoryUS Government Resource
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreo
https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffd

FAQ

What is CVE-2014-3829?

CVE-2014-3829 is a vulnerability with a CVSS score of 10.0 (HIGH). displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) se...

How severe is CVE-2014-3829?

CVE-2014-3829 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-3829?

Check the references section above for vendor advisories and patch information. Affected products include: Merethis Centreon, Merethis Centreon Enterprise Server.