
Cloud Vulnerability DB
A community-led vulnerabilities database
Centreon Infrastructure Monitoring Software through 19.10 is affected by an authenticated remote code execution vulnerability via Pollers misconfiguration. The underlying weakness is an apache crontab misconfiguration: the apache user can modify an executable file that root runs at 22:30 every day (NVD).
To exploit the vulnerability, an attacker must have Admin access to the Centreon Web Interface and create a custom command through main.php?p=60803&type=3. The attacker then needs to set the Pollers Post-Restart Command to this previously created command via main.php?p=60901&o=c&server_id=1. The exploit is triggered when exporting the Poller Configuration. The vulnerability has a CVSS v3.1 base score of 7.2 HIGH with vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (NVD).
Successful exploitation could lead to full system compromise: an attacker with admin access to the web interface can execute arbitrary code with root privileges by way of the apache user (GitHub PoC).
The vulnerability was fixed in versions after Centreon 19.10. For affected versions, recommended mitigations include setting correct ownership and permissions on files that privileged cron jobs execute, enforcing strict access controls, and limiting sudo to the specific scripts that need it (GitHub PoC).
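As an added illustration (not code from the Wiz page, Centreon or the published PoC), the following POSIX shell script audits a crontab for the class of weakness described above: entries whose executable is not owned by the account cron runs it as, or is group- or world-writable. It assumes the six-field root crontab format with the executable as the first word of the command, takes the expected owner as a parameter, and builds a constructed sample crontab and scripts to run against.

```sh
#!/bin/sh
# Added example, not from Centreon or the Wiz page. Flags cron targets that a
# less privileged account (apache, in the advisory) could overwrite before
# cron runs them as the privileged owner.
# Assumption: lines are "min hour dom mon dow command ..."; @reboot-style
# shortcuts are not handled.

# is_unsafe_target PATH OWNER -> 0 when PATH is not owned by OWNER or is
# writable by group/others (either lets another account change what runs).
is_unsafe_target() {
    path=$1 expected=$2
    [ -e "$path" ] || return 1            # missing target: separate finding
    info=$(ls -ld "$path") || return 1
    set -- $info                          # $1 = mode string, $3 = owner
    if [ "$3" != "$expected" ]; then return 0; fi
    case "$1" in ?????w*|????????w*) return 0 ;; esac   # g+w or o+w
    return 1
}

# audit_cron_targets CRONFILE OWNER -> prints flagged entries, returns 0 if none.
audit_cron_targets() {
    cronfile=$1 expected=$2 flagged=0
    while IFS= read -r line; do
        case "$line" in ''|\#*) continue ;; esac
        cmd=$(printf '%s\n' "$line" | awk '{print $6}')
        [ -n "$cmd" ] || continue
        if is_unsafe_target "$cmd" "$expected"; then
            printf 'WRITABLE: %s (entry: %s)\n' "$cmd" "$line"
            flagged=1
        fi
    done < "$cronfile"
    return $flagged
}

# build_sample DIR: constructed crontab plus one safe and one loose target.
build_sample() {
    dir=$1
    mkdir -p "$dir"
    printf '#!/bin/sh\necho ok\n' > "$dir/safe.sh";  chmod 755 "$dir/safe.sh"
    printf '#!/bin/sh\necho ok\n' > "$dir/loose.sh"; chmod 777 "$dir/loose.sh"
    cat > "$dir/crontab" <<EOF
# constructed sample: both entries run as the expected owner
30 22 * * * $dir/loose.sh
0 3 * * * $dir/safe.sh
EOF
}

sample=${TMPDIR:-/tmp}/cron-audit-demo.$$
build_sample "$sample"
# In production run against /etc/crontab and /etc/cron.d/* with owner root.
if audit_cron_targets "$sample/crontab" "$(id -un)"; then
    echo "no writable cron targets"
else
    echo "review the entries above"
fi
```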
The vulnerability was discovered by security researchers SpengeSec (Guylian Dw) and TheCyberGeek (Matthew B). The discovery was announced on Twitter, and a detailed proof of concept was published on GitHub (Twitter Announcement).
Source: This report was generated using AI