Strike ID:
E20-15pz1
CVSS:
9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
False Positive:
t
Variants:
2
Year:
2020

Description

This strike exploits a command injection vulnerability in Centreon 19.10. The vulnerability is due to improper validation of the server ip parameter in a HTTP request. An authenticated attacker could exploit this by sending a maliciously crafted request to the server. A successful attack may result in arbitrary command execution in the context of the server process.

CVE

References

MSB

BID

ExploitDB

Secunia

Security Tracker

Metasploit

ZDI

Google

OSVDB

{}