CVE-2014-3829

Опубликовано: 23 окт. 2014

Источник: nvd

CVSS2: 10

EPSS Высокий

Описание

displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable.

Ссылки

http://seclists.org/fulldisclosure/2014/Oct/78
Exploit
http://www.kb.cert.org/vuls/id/298796
Third Party Advisory
US Government Resource
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html
https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde
http://seclists.org/fulldisclosure/2014/Oct/78
Exploit
http://www.kb.cert.org/vuls/id/298796
Third Party Advisory
US Government Resource
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html
https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:merethis:centreon:2.5.1:*:*:*:*:*:*:*

cpe:2.3:a:merethis:centreon_enterprise_server:2.2:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.86204

Высокий

10 Critical

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-r4f4-p3xm-cmmg

github

больше 3 лет назад