CVEs that I have discovered
Centreon:
Outsmarting the network monitor.
Centreon is an IT monitoring platform, trusted by Fortune 500 companies worldwide.
It is an industry reference offering enterprise solutions.
It counts more than 200,000 ITOM users worldwide.
It is used in diverse sectors:
- IT & Telecommunication
- Transportation
- Government
- Health care
- Retail
- Utilities
- Finance & Insurance
- Aerospace & Defense
- Manufacturing
Some of the organisations using Centreon monitoring software:
- French Department of Justice
- KLM Air France
- Total
- Red Bull
- Airbus, Bolloré, Amundi, CGI, Lacoste, EDF, Canal+, Sephora...
CVE-2019-19699
Authenticated RCE in Centreon <= 19.10 via a misconfigured poller, which allows execution of Post-restart commands.
More details can be found at:
github.com/SpengeSec/CVE-2019-19699
CVE-2020-12636
More details upon disclosure.