CVE-2019-17642: 
Centreon vulnerability analysis and mitigation

An issue was discovered in Centreon before 18.10.8, 19.10.1, and 19.04.2. It allows Cross-Site Request Forgery (CSRF) with resultant remote command execution via shell metacharacters in a POST request to centreon-autodiscovery-server/views/scan/ajax/call.php in the Autodiscovery plugin (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The issue stems from improper validation of user-supplied data in the Autodiscovery plugin's AJAX functionality, which can be exploited through CSRF attacks to achieve remote command execution (NVD).

If successfully exploited, this vulnerability allows attackers to execute arbitrary commands on the affected system through CSRF attacks. The high CVSS score indicates severe potential impacts on confidentiality, integrity, and availability of the system (NVD).

The vulnerability has been fixed in Centreon versions 18.10.8, 19.10.1, and 19.04.2. Users should upgrade to these or later versions to protect against this vulnerability. The fix specifically addresses the RCE exploitation through Ajax requests (Centreon Release Notes).