CVE-2018-11587 — Centreon RCE Vulnerability

Description

There is Remote Code Execution in Centreon 3.4.6 including Centreon Web 2.8.23 via the RPN value in the Virtual Metric form in centreonGraph.class.php.

How to fix CVE-2018-11587

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

Packagist/centreon/centreon—no fix listed

Is CVE-2018-11587 being exploited?

Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (4)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2018-11587
WEBdocumentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.8/centreon-2.8.24.html
WEBgithub.com/centreon/centreon-archived/pull/6263
WEBgithub.com/centreon/centreon-archived/pull/6263/commits/fb438e6aaf133cc5f9d25130653ba8fdc6ecf51f