CVE-2019-19699

Name of the Vulnerable Software and Affected Versions Centreon Infrastructure Monitoring Software versions through 19.10

Description The issue concerns authenticated remote code execution in Centreon Infrastructure Monitoring Software. This occurs due to Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration. The vulnerability allows the apache user to modify an executable file executed by root at 22:30 every day. To exploit this, an attacker must have Admin access to the Centreon Web Interface and create a custom main.php?p=60803&type=3 command. The attacker must then set the Pollers Post-Restart Command to this previously created command via the main.php?p=60901&o=c&server id=1 URI. This is triggered via an export of the Poller Configuration.

Recommendations As a temporary workaround, consider disabling the Pollers feature until a patch is available. Restrict access to the Centreon Web Interface to minimize the risk of exploitation. Avoid using the main.php?p=60803&type=3 command in the Centreon Web Interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.