Remote Code Execution Vulnerability in Centreon Products
CVE-2018-11587

9.8CRITICAL

Key Information:

Vendor

Centreon

Status
Centreon Web
Centreon
Vendor
CVE Published:
25 June 2018

What is CVE-2018-11587?

A vulnerability exists in Centreon versions 3.4.6 and Centreon Web 2.8.23 that allows for remote code execution through improper handling of the RPN value in the Virtual Metric form within the centreonGraph.class.php file. This could potentially enable an attacker to execute arbitrary commands on the server, compromising system integrity and data security.

References

https://github.com/centreon/centreon/pull/6263
x_refsource_CONFIRM
https://github.com/centreon/centreon/releases
x_refsource_CONFIRM
https://documentation.centreon.com/docs/centreon/en/lates...
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.