CVE-2019-16405

high

Description

Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5 and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same.

References

https://thecybergeek.co.uk/cves/2019/09/19/CVEs.html

https://thecybergeek.co.uk/cves/2019/09/17/CVE-2019-16405-06.html

https://github.com/centreon/centreon/pull/7884

https://github.com/centreon/centreon/pull/7864

https://github.com/TheCyberGeek/CVE-2019-16405.rb

https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html

https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html

https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html

https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html

http://packetstormsecurity.com/files/155999/Centreon-19.04-Remote-Code-Execution.html

Details

Source: Mitre, NVD

Published: 2019-11-21

Updated: 2022-03-31

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High