CVE-2023-51633

Опубликовано: 03 мая 2024

Источник: nvd

CVSS3: 7.5

CVSS3: 9.6

EPSS Низкий

Описание

The specific flaw exists within the processing of the sysName OID in SNMP. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-20731.

Ссылки

https://www.zerodayinitiative.com/advisories/ZDI-24-416/
Patch
Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-24-416/
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*

Версия до 22.10.15 (исключая)

cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*

Версия от 23.04.0 (включая) до 23.04.10 (исключая)

cpe:2.3:a:centreon:centreon_web:*:*:*:*:*:*:*:*

Версия от 23.10.0 (включая) до 23.10.1 (исключая)

EPSS

Процентиль: 84%

0.02223

Низкий

7.5 High

CVSS3

9.6 Critical

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-74f2-3wmr-p493

CVSS3: 7.5

github

почти 2 года назад

Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. User interaction is required to exploit this vulnerability. The specific flaw exists within the processing of the sysName OID in SNMP. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-20731.

EPSS

Процентиль: 84%

0.02223

Низкий

7.5 High

CVSS3

9.6 Critical

CVSS3

Дефекты

CWE-79