SonicWall Capture Labs identified a high-severity SQL Injection vulnerability (CVE-2024-23119) in Centreon Web, affecting older Centreon Web releases. Authenticated attackers could execute arbitrary SQL against the database, with mitigation focusing on upgrading Centreon Web and monitoring logs. #Centreon #CVE-2024-23119 #SQLInjection #ZDI #CentreonWeb #main.get.php
Keypoints
- Vulnerability: CVE-2024-23119, a high-severity SQL Injection vulnerability in Centreon.
- Impact: Affects Centreon Web versions prior to 22.10.17, 23.04.13, and 23.10.5.
- CVSS Score: 8.8, indicating a high risk to confidentiality, integrity, and availability.
- Exploit Prediction: 0.07% chance of exploitation in the next 30 days.
- Attack Vector: Requires authenticated access to the Centreon web interface.
- Mitigation: Upgrade to the latest Centreon Web versions and monitor system logs.
- Signatures Released: IPS signature 20295 for Centreon SQL Injection.
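The version ranges in the key points can be turned into an inventory check for the upgrade mitigation. This is an added example, not code from SonicWall or Centreon; the host names and version strings are constructed, and treating branches older than 22.10 as affected and branches the page does not mention as "not-listed" are assumptions.

```python
import re

# Fixed releases per branch, from the key points: (major, minor) -> first fixed patch.
FIXED = {(22, 10): 17, (23, 4): 13, (23, 10): 5}

def parse_version(text):
    """Pull (major, minor, patch) out of '23.04.12' or an RPM-style name."""
    m = re.search(r"(?<!\d)(\d{2})\.(\d{1,2})\.(\d+)", text)
    if m is None:
        raise ValueError(f"no Centreon-style version in {text!r}")
    return tuple(int(part) for part in m.groups())

def assess(version_text):
    """Classify one version as 'affected', 'fixed' or 'not-listed'."""
    major, minor, patch = parse_version(version_text)
    branch = (major, minor)
    if branch in FIXED:
        return "affected" if patch < FIXED[branch] else "fixed"
    if branch < min(FIXED):
        # Assumption: branches older than 22.10 count as "prior to 22.10.17".
        return "affected"
    # Assumption: the page says nothing about other branches; flag for manual review.
    return "not-listed"

def hosts_to_upgrade(inventory):
    """Return host names whose Centreon Web version is affected, sorted."""
    return sorted(h for h, v in inventory.items() if assess(v) == "affected")

# Constructed inventory for illustration (host names and versions are made up).
SAMPLE_INVENTORY = {
    "mon-01": "23.04.12",
    "mon-02": "22.10.17",
    "mon-03": "centreon-web-23.10.4-1.el8",
    "mon-04": "21.10.9",
    "mon-05": "24.04.1",
}

if __name__ == "__main__":
    for host, version in SAMPLE_INVENTORY.items():
        print(f"{host}: {version} -> {assess(version)}")
    print("upgrade:", hosts_to_upgrade(SAMPLE_INVENTORY))
```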
MITRE Techniques
- [T1190] SQL Injection: "Attackers can exploit the SQL Injection vulnerability by sending crafted HTTP POST requests with malicious SQL payloads."
- [T1203] Exploitation for Client Execution: "Attackers authenticate to the Centreon API and exploit the SQL injection vulnerability to execute arbitrary SQL commands."
Indicators of Compromise
- None identified: no IPs, domains, file hashes, or file names are explicitly mentioned in the article.