Popular open-source monitoring program Centreon has released a big security advisory that fixes numerous SQL injection vulnerabilities in the Centreon Web interface.
A significant security alert has been released by the popular open-source monitoring tool Centreon, addressing many SQL injection vulnerabilities in the Centreon Web interface.
For organizations that depend on Centreon for IT infrastructure monitoring, these vulnerabilities—identified as CVE-2024-32501, CVE-2024-33852, CVE-2024-33853, CVE-2024-33854, CVE-2024-5725, and CVE-2024-39841—pose a serious danger. These vulnerabilities, which have CVSS scores as high as 9.1, might have serious repercussions if they are not fixed.
For administrators and operators using the Centreon platform to manage and keep an eye on their IT infrastructure, Centreon Web acts as a central center. All on-premise versions of Centreon Web are now vulnerable to potential exploitation as a result of the discovery of these SQL injection vulnerabilities.
CVE-2024-32501: A SQL injection vulnerability in the updateServiceHost function.
CVE-2024-33852 (CVSS 9.1): SQL injection in the Downtime component, allowing attackers to manipulate the database and extract sensitive information.
CVE-2024-33853 (CVSS 9.1): SQL injection in the Timeperiod component, which could be exploited to compromise the database.
CVE-2024-33854: SQL injection in the Graph Template component, posing a serious threat to data integrity.
CVE-2024-5725 (CVSS 8.8): SQL injection in the Metric Image component, enabling unauthorized access to the database.
CVE-2024-39841 (CVSS 8.8): SQL injection via service configuration, potentially allowing attackers to gain control over the Centreon Web system.
Although there haven’t been any instances where these vulnerabilities have been used, there is a good chance they will be, especially if a Centreon Web instance is online. A successful attack could have serious consequences, such as corrupting databases, granting unauthorized access to private information, or even taking down the entire system.
SQL injection attacks can affect any versions of Centreon Web that are hosted on-premises. Since the vulnerabilities impact Centeron Web’s essential features, it is imperative that all users respond right away.
To fix these serious vulnerabilities, Centreon has updated all supported versions of Centreon Web. The following are the suggested versions that have cumulative fixes:
Centeron Web 24.04.3
Web Centeron 23.10.13
Web Centre 23.04.19
Web Centre 22.10.23
It is highly recommended that users who are using unsupported versions of Centreon Web update to version 24.04 to guarantee the security of their computers. The required fixes have already been applied to the Centreon Cloud platforms.
Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.