AttackerKB AKB:97B6A4B5-D311-4ED5-A65D-40783D86BDB9
History: Feb 28, 2020 - 12:00 a.m.

CVE-2020-9463

2020-02-28 00:00:00
attackerkb.com
10

EPSS: 0.709 High
EPSS Percentile: 98.1%

Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request.
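The description above names the vector precisely: a `server_ip` value carrying shell metacharacters, submitted as JSON to `api/internal.php?object=centreon_configuration_remote`. The following Python is an added, defender-side example (not code from AttackerKB, Centreon, or the assessor) that inspects request records of the kind a reverse proxy or WAF with body logging would emit and flags requests to that object whose `server_ip` is not a plain IP address or hostname. It assumes `server_ip` is a top-level key in the JSON body (the page does not show the exact layout), and the sample records are constructed.

```python
import ipaddress
import json
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint named in the CVE description. The exact JSON layout is not on the
# page; this example assumes server_ip is a top-level key in the request body.
VULN_PATH = "api/internal.php"
VULN_OBJECT = "centreon_configuration_remote"

# Characters that have meaning to a POSIX shell and never belong in a host field.
SHELL_META = re.compile(r"[;&|`$(){}<>\n\r\\'\"]")
# RFC 1123-style hostname: labels of letters/digits/hyphens joined by dots.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def is_valid_host(value: str) -> bool:
    """Positive check: the field must be an IP literal or a plain hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return HOSTNAME_RE.match(value) is not None


def targets_remote_api(url: str) -> bool:
    """True when the request addresses the remote-configuration object."""
    parts = urlsplit(url)
    if not parts.path.endswith(VULN_PATH):
        return False
    return parse_qs(parts.query).get("object") == [VULN_OBJECT]


def inspect_request(record: dict) -> list:
    """Return a list of findings for one request (empty when it looks benign)."""
    if not targets_remote_api(record["url"]):
        return []
    try:
        body = json.loads(record.get("body") or "{}")
    except ValueError:
        return ["unparseable JSON body sent to the remote-configuration API"]
    server_ip = body.get("server_ip")
    if server_ip is None:
        return []
    if not isinstance(server_ip, str):
        return ["server_ip is not a string"]
    findings = []
    if SHELL_META.search(server_ip):
        findings.append("shell metacharacters in server_ip")
    if not is_valid_host(server_ip):
        findings.append("server_ip is not a valid IP address or hostname")
    return findings


def scan(records: list) -> list:
    """Map each suspicious record to (client, findings); benign ones are dropped."""
    results = []
    for record in records:
        findings = inspect_request(record)
        if findings:
            results.append((record["client"], findings))
    return results


# Constructed sample records, shaped like what a reverse proxy or WAF that logs
# POST bodies might produce. None of these are real Centreon traffic.
SAMPLE_REQUESTS = [
    {"client": "10.1.1.20",
     "url": "/centreon/api/internal.php?object=centreon_configuration_remote",
     "body": '{"server_ip": "10.0.0.5"}'},
    {"client": "10.1.1.21",
     "url": "/centreon/api/internal.php?object=centreon_configuration_remote",
     "body": '{"server_ip": "10.0.0.5;id"}'},
    {"client": "10.1.1.22",
     "url": "/centreon/api/internal.php?object=some_other_object",
     "body": '{"server_ip": "x;y"}'},
    {"client": "10.1.1.23",
     "url": "/centreon/api/internal.php?object=centreon_configuration_remote",
     "body": '{"server_ip": "poller-1.example.internal"}'},
    {"client": "10.1.1.24",
     "url": "/centreon/api/internal.php?object=centreon_configuration_remote",
     "body": "{not json"},
]

if __name__ == "__main__":
    for client, findings in scan(SAMPLE_REQUESTS):
        print(client, "->", "; ".join(findings))
```

The metacharacter blocklist is there to give the alert a readable reason; the check that actually decides is the positive one in `is_valid_host`, which rejects anything that is not an IP literal or a hostname, including inputs the blocklist would miss. The same allowlist is the fix a maintainer would apply server-side before the value reaches a shell, and, because the issue is post-authentication, pairing this with login-failure monitoring on the Centreon host is what closes the password-attack path the assessment below describes.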

Recent assessments:

kevthehermit at February 28, 2020 7:40pm UTC reported:

Centreon is an Open Source Centralised IT management solution. When installed in a corporate network it is used to query all other devices. This makes it a high value target for attackers for several reasons:

  • Source of all networked devices and configuration.

  • Could be used to pivot across the network.

  • Use as a staging/beachhead host that is expected to talk to other devices on the network.

There is no indication of an active userbase from the product's website. The official GitHub repository has no more than a few hundred stars and forks.
A quick Shodan search reveals around 40 internet-facing applications.

This vulnerability appears to be post-exploitation, so an attacker would require either valid credentials or the ability to launch a password attack against the target.

The publicly listed blog post <https://code610.blogspot.com/2020/02/postauth-rce-in-centreon-1910.html> includes steps to reproduce but doesn't provide a PoC script. That being said, it would be trivial with a few lines of Python to create a simple PoC script.
The only tested version was 19.10.

At the time of writing there does not appear to be any official patch, and the website is still serving vulnerable versions. Whilst a full review has not been completed, a check of the GitHub repo suggests that all versions are potentially vulnerable.

Assessed Attacker Value: 5
Assessed Attacker Value: 2

