Centreon server_ip field OS Command Injection

Strike ID:
E20-15pz1
CVSS:
8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
False Positive:
f
Variants:
2
Year:
2020

Description

This strike exploits a command injection vulnerability in Centreon 19.10. The vulnerability is due to improper validation of the server_ip parameter in a HTTP request. An authenticated attacker could exploit this by sending a maliciously crafted request to the server. A successful attack may result in arbitrary command execution in the context of the server process.

CVE

References