{"vuid":"VU#298796","idnumber":"298796","name":"Centreon contains multiple vulnerabilities","keywords":["cwe-77","cwe-89","sql injection","centreon","command injection"],"overview":"Centreon version 2.5.1 and Centreon Enterprise Server version 2.2 contain multiple vulnerabilities.","clean_desc":"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') - CVE-2014-3829\nCentreon version 2.5.1 and Centreon Enterprise Server version 2.2 are vulnerable to command injection due to unsafe handling of session_id and template_id variables in displayServiceStatus.php and insufficient filtering on the command_line variable. The underlying operating system is then able to interpolate special characters, allowing for arbitrary commands to be injected. CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') -  CVE-2014-3828\nCentreon version 2.5.1 and Centreon Enterprise Server version 2.2 are vulnerable to SQL injection in the following php components: http://server/centreon/include/views/graphs/common/makeXML_ListMetrics.php\nhttp://server/centreon/include/views/graphs/GetXmlTree.php\nhttp://server/centreon/include/views/graphs/graphStatus/displayServiceStatus.php\nhttp://server/centreon/include/configuration/configObject/traps/GetXMLTrapsForVendor.php\nhttp://server/centreon/include/common/javascript/commandGetArgs/cmdGetExample.php\nhttp://server/centreon/include/views/graphs/graphStatus/displayServiceStatus.php Rapid7 reports that prior versions back to 2.0 may be affected. See the Rapid7 advisory for more details.","impact":"A remote unauthenticated attacker may be able to execute arbitrary OS and SQL commands.","resolution":"The CERT/CC is currently unaware of a practical solution to this problem.","workarounds":"","sysaffected":"","thanks":"Thanks to Tod Beardsley of Rapid7 for reporting this vulnerability and MaZ for the original vulnerability discovery.","author":"This document was written by Chris King.","public":["http://www.centreon.com/Content-products/it-infrastructure-and-application-monitoring-centreon","http://cwe.mitre.org/data/definitions/89.html","http://cwe.mitre.org/data/definitions/77.html","http://seclists.org/fulldisclosure/2014/Oct/78"],"cveids":["CVE-2014-3828","CVE-2014-3829"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2014-09-03T14:02:40Z","publicdate":"2014-10-15T00:00:00Z","datefirstpublished":"2014-10-17T18:21:22Z","dateupdated":"2014-10-17T18:25:35Z","revision":18,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"UC","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"10","cvss_basevector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","cvss_temporalscore":"8.1","cvss_environmentalscore":"6.0716555424","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}