CVE-2019-19699

Published: 06/04/2020 Updated: 06/04/2020
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 802
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

Centreon Infrastructure Monitoring Software up to and including 19.10 is affected by authenticated remote code execution via a Pollers misconfiguration, which leads to system compromise via an apache crontab misconfiguration. This allows the apache user to modify an executable file that is executed by root at 22:30 every day. To exploit the vulnerability, someone must have Admin access to the Centreon Web Interface and create a custom main.php?p=60803&type=3 command. The user must then set the Pollers Post-Restart Command to this previously created command via the main.php?p=60901&o=c&server_id=1 URI. This is triggered via an export of the Poller Configuration.

Vulnerable Product

centreon centreon

Github Repositories

Centreon Monitoring Software Images that are vulnerable to CVE 2019-19699 and more.

Centreon <= 19.10 Vulnerable Images. Centreon Monitoring Software Images that are vulnerable to CVE 2019-19699 and other vulnerabilities. DISCLAIMER: For educational purposes ONLY! I'm not responsible for what you do with these files. I'm not the developer of this software, all rights reserved to www.centreon.com. DOWNLOAD: Centreon-Central-346-el7ovfta

Centreon =<19.10 Authenticated RCE

CVE-2019-19699 Centreon =< 19.10 Proof of Concept. Authenticated Remote Code Execution (CVE-2019-19699), Privilege escalation (Walkthrough & Mitigation). Discovered by: SpengeSec (Guylian Dw), TheCyberGeek (Matthew B). Authenticated Remote Code Execution: Let's start by logging in as user Admin to the Centreon web panel. After logging in we navigate to Configurat
