CVE•Published 2020-04-06•1 article on news•6 live references•NVD data

CVE-2019-19699

Vulnerability data via CVEDB (Shodan)

CVSS v3.1

7.2

HIGH

EPSS percentile

Exploit Prediction Scoring System · top 3% of all CVEs

Description

There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executable file executed by root at 22:30 every day. To exploit the vulnerability, someone must have Admin access to the Centreon Web Interface and create a custom main.php?p=60803&type=3 command. The user must then set the Pollers Post-Restart Command to this previously created command via the main.php?p=60901&o=c&server_id=1 URI. This is triggered via an export of the Poller Configuration.

Timeline

Published 2020-04-06

External references

NVD MITRE Exploit-DB Sploitus trickest/cve VulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts

vuln:CVE-2019-19699

Hosts Shodan has explicitly fingerprinted as vulnerable.

Shodan · product

product:"Centreon Centreon"

All exposed Centreon Centreon instances — cross-reference with the CVE's affected-version range.

Shodan · banner/body mention

http.html:"Centreon"

HTTP body or banner mentions "Centreon" — catches deploys Shodan didn't identify as a product.

More intel sources (5)

Shodan report

vuln:CVE-2019-19699