CERTVU:298796Centreon contains multiple vulnerabilities
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.917 High
EPSS
Percentile
98.9%
Overview
Centreon version 2.5.1 and Centreon Enterprise Server version 2.2 contain multiple vulnerabilities.
Description
CWE-77: Improper Neutralization of Special Elements used in a Command (‘Command Injection’) - CVE-2014-3829
Centreon version 2.5.1 and Centreon Enterprise Server version 2.2 are vulnerable to command injection due to unsafe handling of session_id and template_id variables in displayServiceStatus.php and insufficient filtering on the command_line variable. The underlying operating system is then able to interpolate special characters, allowing for arbitrary commands to be injected.
CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) - CVE-2014-3828
Centreon version 2.5.1 and Centreon Enterprise Server version 2.2 are vulnerable to SQL injection in the following php components:
<http://server/centreon/include/views/graphs/common/makeXML_ListMetrics.php>
<http://server/centreon/include/views/graphs/GetXmlTree.php>
<http://server/centreon/include/views/graphs/graphStatus/displayServiceStatus.php>
<http://server/centreon/include/configuration/configObject/traps/GetXMLTrapsForVendor.php>
<http://server/centreon/include/common/javascript/commandGetArgs/cmdGetExample.php>
<http://server/centreon/include/views/graphs/graphStatus/displayServiceStatus.php>
Rapid7 reports that prior versions back to 2.0 may be affected. See the Rapid7 advisory for more details.
Impact
A remote unauthenticated attacker may be able to execute arbitrary OS and SQL commands.
Solution
The CERT/CC is currently unaware of a practical solution to this problem.
Vendor Information
298796
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Centreon Affected
Notified: September 05, 2014 Updated: October 15, 2014
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Temporal | 8.1 | E:POC/RL:U/RC:UC |
| Environmental | 6.1 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
References
- <http://www.centreon.com/Content-products/it-infrastructure-and-application-monitoring-centreon>
- <http://cwe.mitre.org/data/definitions/89.html>
- <http://cwe.mitre.org/data/definitions/77.html>
- <http://seclists.org/fulldisclosure/2014/Oct/78>
Acknowledgements
Thanks to Tod Beardsley of Rapid7 for reporting this vulnerability and MaZ for the original vulnerability discovery.
This document was written by Chris King.
Other Information
| CVE IDs: | CVE-2014-3828, CVE-2014-3829 |
|---|---|
| Date Public: | 2014-10-15 Date First Published: |
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.917 High
EPSS
Percentile
98.9%