CVSS2 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
EPSS Percentile | 98.9% |
Centreon version 2.5.1 and Centreon Enterprise Server version 2.2 contain multiple vulnerabilities.
CWE-77: Improper Neutralization of Special Elements used in a Command (‘Command Injection’) - CVE-2014-3829
Centreon version 2.5.1 and Centreon Enterprise Server version 2.2 are vulnerable to command injection due to unsafe handling of the `session_id` and `template_id` variables in `displayServiceStatus.php` and insufficient filtering on the `command_line` variable. The underlying operating system is then able to interpolate special characters, allowing for arbitrary commands to be injected.
CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) - CVE-2014-3828
Centreon version 2.5.1 and Centreon Enterprise Server version 2.2 are vulnerable to SQL injection in the following PHP components:
<http://server/centreon/include/views/graphs/common/makeXML_ListMetrics.php>
<http://server/centreon/include/views/graphs/GetXmlTree.php>
<http://server/centreon/include/views/graphs/graphStatus/displayServiceStatus.php>
<http://server/centreon/include/configuration/configObject/traps/GetXMLTrapsForVendor.php>
<http://server/centreon/include/common/javascript/commandGetArgs/cmdGetExample.php>
Rapid7 reports that prior versions back to 2.0 may be affected. See the Rapid7 advisory for more details.
A remote unauthenticated attacker may be able to execute arbitrary OS and SQL commands.
The CERT/CC is currently unaware of a practical solution to this problem.
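With no fix listed, reviewing web server access logs for unusual requests to the affected scripts is one available check. The following is an added example, not code from this advisory, Rapid7 or Centreon: it flags requests to the script paths listed above whose query-string values fall outside a conservative allowlist. The combined log format, the allowlist pattern, the `/centreon` prefix in the sample lines and the parameter name `example_param` are assumptions; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script paths listed in this advisory (relative to the Centreon web root).
AFFECTED = (
    "/include/views/graphs/common/makeXML_ListMetrics.php",
    "/include/views/graphs/GetXmlTree.php",
    "/include/views/graphs/graphStatus/displayServiceStatus.php",
    "/include/configuration/configObject/traps/GetXMLTrapsForVendor.php",
    "/include/common/javascript/commandGetArgs/cmdGetExample.php",
)
# Assumption: legitimate parameter values are short plain identifiers.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.,-]{0,64}")
# Request line and status code inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+" (\d{3})')

def suspicious_params(target):
    """Return [(name, decoded_value)] for values outside the allowlist."""
    parts = urlsplit(target)
    if not parts.path.endswith(AFFECTED):
        return []
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    return [(k, v) for k, v in pairs if not SAFE_VALUE.fullmatch(v)]

def scan(lines):
    """Yield (line_no, status, path, findings) for each flagged log line."""
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        hits = suspicious_params(m.group(1))
        if hits:
            yield no, int(m.group(2)), urlsplit(m.group(1)).path, hits

# Constructed sample log lines (not from a real server).
SAMPLE = [
    '192.0.2.10 - - [15/Oct/2014:10:00:01 +0000] "GET /centreon/include/views/graphs/graphStatus/displayServiceStatus.php?session_id=abc123&template_id=4 HTTP/1.1" 200 512',
    '192.0.2.44 - - [15/Oct/2014:10:00:07 +0000] "GET /centreon/include/views/graphs/graphStatus/displayServiceStatus.php?session_id=abc123&template_id=4%3B HTTP/1.1" 200 512',
    '192.0.2.44 - - [15/Oct/2014:10:00:09 +0000] "GET /centreon/include/views/graphs/GetXmlTree.php?example_param=x%27 HTTP/1.1" 200 90',
    '192.0.2.10 - - [15/Oct/2014:10:00:12 +0000] "GET /centreon/main.php?p=1%27 HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for no, status, path, hits in scan(SAMPLE):
        print(f"line {no}: HTTP {status} {path} -> {hits}")
```

Access logs normally record only the query string, so parameters sent in a POST body are not covered by this check.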
298796
Notified: September 05, 2014 Updated: October 15, 2014
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Temporal | 8.1 | E:POC/RL:U/RC:UC |
Environmental | 6.1 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
Thanks to Tod Beardsley of Rapid7 for reporting this vulnerability and MaZ for the original vulnerability discovery.
This document was written by Chris King.
CVE IDs: | CVE-2014-3828, CVE-2014-3829 |
---|---|
Date Public: | 2014-10-15 |
Date First Published: | |