PT-2021-10758 · Centreon · Centreon

Published

2021-08-18

Updated

2021-09-02

CVE-2020-22345

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Centreon version 19.10.8

Description The issue allows remote attackers to execute arbitrary OS commands via shell metacharacters in the RRDdatabase path parameter in the /graphStatus/displayServiceStatus.php endpoint.

Recommendations For Centreon version 19.10.8, consider restricting access to the /graphStatus/displayServiceStatus.php endpoint to minimize the risk of exploitation, and avoid using shell metacharacters in the RRDdatabase path parameter until a patch is available.

Exploit

Fix

RCE

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2020-22345

GHSA-2Q95-593F-G7H7

Affected Products

Centreon

PT-2021-10758 · Centreon · Centreon

CVE-2020-22345

Weakness Enumeration

Related Identifiers

Affected Products

References · 8