Attacker Value
Very High
(1 user assessed)
Exploitability
Low
(1 user assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Network
0

CVE-2020-9463

Disclosure Date: February 28, 2020
CVE-2020-9463 CVSS v3 Base Score: 8.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Centreon 19.10 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the server_ip field in JSON data in an api/internal.php?object=centreon_configuration_remote request.

Add Assessment

1
Ratings
  • Attacker Value
    Very High
  • Exploitability
    Low
Vulnerable in default configurationRequires physical access
Technical Analysis

Centreon is an Open Source Centralised IT management solution. When installed in a corporate network it is used to query all other devices. This makes it a high value target for attackers for several reasons:

  • Source of all networked devices and configuration.
  • Could be used to pivot across the network.
  • Use as a staging /beachhead host this is expected to talk to other devices on the network.

There is no indication of an active userbase from the Products website. the official Github repository as no more than a few hundred stars and forks.
A quick shodan search reveals around 40 internet facing applications.

This vulnerability appears to be post exploitation so an attacker would require either valid credentials or the ability to launch a password attack against the target.

The publicly listed blog post https://code610.blogspot.com/2020/02/postauth-rce-in-centreon-1910.html includes steps to reproduce but doesn’t provide a PoC script. That being said it would be trivial with a few lines of python to create a simple PoC Script.
The only tested version was 19.10,

At the time of writing there does not appear to be any official patch and the website is still serving vulnerable versions. Whilst a full review has not been completed a check of the github repo suggests that all versions are potentially vulnerable

Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
8.8 High
Impact Score:
5.9
Exploitability Score:
2.8
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • centreon

Products

  • centreon 19.10

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis