Vulnerability Description
There is authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via a Pollers misconfiguration, leading to system compromise via an apache crontab misconfiguration that allows the apache user to modify an executable file executed by root at 22:30 every day. To exploit the vulnerability, someone must have Admin access to the Centreon Web Interface and create a custom main.php?p=60803&type=3 command. The user must then set the Pollers Post-Restart Command to this previously created command via the main.php?p=60901&o=c&server_id=1 URI. This is triggered via an export of the Poller Configuration.
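The crontab half of this issue is a generic condition worth auditing on any host: a file that root executes on a schedule but that another account can write. As an added defensive check (not the page's or Centreon's code), the Python below parses cron.d-style entries and reports every root-run executable that a non-root account could alter; the cron lines, temp scripts and file names in demo() are constructed sample input.

```python
# Added example (not Centreon's code): flag cron executables run as root that
# another account could modify. Assumes cron.d-style lines and POSIX modes.
import os
import shlex
import stat
import tempfile

def parse_cron_line(line):
    """Return (schedule, user, command), or None for comment/env lines."""
    fields = line.strip().split(None, 6)
    if len(fields) < 7 or fields[0].startswith("#") or "=" in fields[0]:
        return None
    return " ".join(fields[:5]), fields[5], fields[6]

def writable_by_others(path, expected_owner=0):
    """Reasons an account other than the owner could change what runs."""
    st, reasons = os.stat(path), []
    if st.st_uid != expected_owner:
        reasons.append("owned by uid %d, not %d" % (st.st_uid, expected_owner))
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        reasons.append("group- or world-writable")
    parent = os.stat(os.path.dirname(os.path.abspath(path))).st_mode
    if parent & (stat.S_IWGRP | stat.S_IWOTH) and not parent & stat.S_ISVTX:
        reasons.append("parent directory writable, file can be replaced")
    return reasons

def audit_cron_lines(lines, expected_owner=0):
    """Map each executable that root will run to the reasons it is unsafe."""
    findings = {}
    for line in lines:
        parsed = parse_cron_line(line)
        if parsed is None or parsed[1] != "root":
            continue  # only commands executed as root matter here
        exe = (shlex.split(parsed[2]) or [""])[0]
        if os.path.isabs(exe) and os.path.isfile(exe):
            reasons = writable_by_others(exe, expected_owner)
            if reasons:
                findings[exe] = reasons
    return findings

def demo():
    """Constructed sample: two scripts in a temp dir, one group-writable."""
    d = tempfile.mkdtemp()
    safe, loose = os.path.join(d, "backup.sh"), os.path.join(d, "rotate.sh")
    for path, mode in ((safe, 0o755), (loose, 0o775)):
        open(path, "w").write("#!/bin/sh\n")
        os.chmod(path, mode)
    lines = ["MAILTO=root", "30 22 * * * root %s --full" % safe,
             "30 22 * * * root %s" % loose, "0 1 * * * apache %s" % loose]
    return audit_cron_lines(lines, os.getuid()), safe, loose  # files are ours, not root's
```

On a real host, feed it the lines of /etc/crontab and /etc/cron.d/* with the default expected_owner of 0; any hit is a file the scheduled root job trusts but does not control.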
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Centreon | Centreon | <= 19.10 |
Related Weaknesses (CWE)
References
- https://download.centreon.com/ (Vendor Advisory)
- https://github.com/SpengeSec/CVE-2019-19699 (Exploit, Third Party Advisory)
- https://spenge.pw/cves/ (Third Party Advisory)
- https://twitter.com/SpengeSec/status/1204418071764463618 (Third Party Advisory)
- https://www.centreon.com/ (Vendor Advisory)
FAQ
What is CVE-2019-19699?
CVE-2019-19699 is a vulnerability with a CVSS score of 7.2 (HIGH). There is authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via a Pollers misconfiguration, leading to system compromise via an apache crontab misconfiguration...
How severe is CVE-2019-19699?
CVE-2019-19699 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-19699?
Check the references section above for vendor advisories and patch information. Affected products include: Centreon (vendor: Centreon), versions up to and including 19.10.