CVE-2019-16405 Information

Description

Centreon Web before 2.8.30, 18.10.x before 18.10.8, 19.04.x before 19.04.5, and 19.10.x before 19.10.2 allows Remote Code Execution by an administrator who can modify Macro Expression location settings. CVE-2019-16405 and CVE-2019-17501 are similar to one another and may be the same.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Reference

http://packetstormsecurity.com/files/155999/Centreon-19.04-Remote-Code-Execution.html
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10.html
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04.html
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html
https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8.html
https://github.com/centreon/centreon/pull/7864
https://github.com/centreon/centreon/pull/7884
https://github.com/TheCyberGeek/CVE-2019-16405.rb
https://thecybergeek.co.uk/cves/2019/09/17/CVE-2019-16405-06.html
https://thecybergeek.co.uk/cves/2019/09/19/CVEs.html

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

7.2

Base Severity

HIGH
