CVE-2019-16405

Опубликовано: 21 нояб. 2019

Источник: nvd

CVSS3: 7.2

CVSS2: 9

EPSS Низкий

Описание

Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same.

Ссылки

http://packetstormsecurity.com/files/155999/Centreon-19.04-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html
Release Notes
Vendor Advisory
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html
Release Notes
Vendor Advisory
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html
Release Notes
Vendor Advisory
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html
Release Notes
Vendor Advisory
https://github.com/TheCyberGeek/CVE-2019-16405.rb
Patch
Third Party Advisory
https://github.com/centreon/centreon/pull/7864
Issue Tracking
Patch
Third Party Advisory
https://github.com/centreon/centreon/pull/7884
Issue Tracking
Patch
Third Party Advisory
https://thecybergeek.co.uk/cves/2019/09/17/CVE-2019-16405-06.html
Broken Link
https://thecybergeek.co.uk/cves/2019/09/19/CVEs.html
Exploit
Third Party Advisory
http://packetstormsecurity.com/files/155999/Centreon-19.04-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html
Release Notes
Vendor Advisory
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html
Release Notes
Vendor Advisory
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html
Release Notes
Vendor Advisory
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html
Release Notes
Vendor Advisory
https://github.com/TheCyberGeek/CVE-2019-16405.rb
Patch
Third Party Advisory
https://github.com/centreon/centreon/pull/7864
Issue Tracking
Patch
Third Party Advisory
https://github.com/centreon/centreon/pull/7884
Issue Tracking
Patch
Third Party Advisory
https://thecybergeek.co.uk/cves/2019/09/17/CVE-2019-16405-06.html
Broken Link
https://thecybergeek.co.uk/cves/2019/09/19/CVEs.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*

Версия до 2.8.30 (исключая)

cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*

Версия от 18.10.0 (включая) до 18.10.8 (исключая)

cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*

Версия от 19.04.0 (включая) до 19.04.5 (исключая)

cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*

Версия от 19.10.0 (включая) до 19.10.2 (исключая)

EPSS

Процентиль: 92%

0.08968

Низкий

7.2 High

CVSS3

9 Critical

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-4f26-v6fr-9hmp

CVSS3: 7.2

github

больше 4 лет назад

Improper Input Validation in Centreon Web

EPSS

Процентиль: 92%

0.08968

Низкий

7.2 High

CVSS3

9 Critical

CVSS2

Дефекты

NVD-CWE-noinfo