Vulnerability Details CVE-2019-17642
An issue was discovered in Centreon before 18.10.8, 19.10.1, and 19.04.2. It allows CSRF with resultant remote command execution via shell metacharacters in a POST to centreon-autodiscovery-server/views/scan/ajax/call.php in the Autodiscovery plugin.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.1%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
References
- https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/18.10/centreon-auto-discovery-18.10.8.html
- https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/19.04/centreon-auto-discovery-19.04.2.html
- https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/19.10/centreon-auto-discovery-19.10.1.html
- https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10/index.html
- https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/18.10/centreon-auto-discovery-18.10.8.html
- https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/19.04/centreon-auto-discovery-19.04.2.html
- https://documentation.centreon.com/docs/centreon-auto-discovery/en/latest/release_notes/19.10/centreon-auto-discovery-19.10.1.html
- https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10/index.html
Products affected by CVE-2019-17642
-
cpe:2.3:a:centreon:centreon:18.0.0
-
cpe:2.3:a:centreon:centreon:18.10.0
-
cpe:2.3:a:centreon:centreon:18.10.1
-
cpe:2.3:a:centreon:centreon:18.10.2
-
cpe:2.3:a:centreon:centreon:18.10.3
-
cpe:2.3:a:centreon:centreon:18.10.4
-
cpe:2.3:a:centreon:centreon:18.10.5
-
cpe:2.3:a:centreon:centreon:18.10.6
-
cpe:2.3:a:centreon:centreon:19.04.0
-
cpe:2.3:a:centreon:centreon:19.04.1
-
cpe:2.3:a:centreon:centreon:19.10.0