
Centreon 2.6.1 CSRF Add Admin Exploit

Risk
Medium
Advisory ID
ZSL-2015-5263
Release Date
26 September 2015
Vendor
Affected Version
2.6.1 (CES 3.2)
CVE
N/A
Tested On
CentOS 6.6 (Final), Apache/2.2.15, PHP/5.3.3
Summary

Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management.

Description

The application performs state-changing actions in response to HTTP requests without any check that the request was actually issued from the application itself (no anti-CSRF token or origin validation). An attacker who gets a logged-in administrator to visit a malicious web site can have the victim's browser submit such a request with the victim's session cookie attached, and so perform actions with administrative privileges, such as adding a new administrative user.
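
As an added illustration, not part of the original advisory and not Centreon's own code, the following Python model shows the check that is missing in a CSRF-vulnerable handler. It places a handler that accepts a state-changing request on the strength of the session cookie alone beside a hardened one that additionally requires a POST, an Origin/Referer header matching the application's origin, and a per-session anti-CSRF token compared in constant time. The application origin, the attacker host and the form field names (user_name, user_admin, csrf_token) are placeholders; the advisory does not list the real request parameters, and the sample requests are constructed here for the demonstration.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional
from urllib.parse import urlsplit

# Assumed origin of the monitoring web UI (placeholder, not a real host).
APP_ORIGIN = "https://centreon.example.test"


@dataclass
class Session:
    """Server-side session that the browser's cookie points at."""
    user: str
    is_admin: bool
    # Per-session anti-CSRF token; only pages served by the application can read it,
    # so a cross-site attacker cannot put it into a forged form.
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))


@dataclass
class Request:
    method: str
    headers: Dict[str, str]
    form: Dict[str, str]
    # The session the browser attached via its cookie (None if not logged in).
    session: Optional[Session] = None


def _create_user(users: Dict[str, bool], form: Dict[str, str]) -> str:
    # Hypothetical field names; the advisory does not give the real ones.
    name = form.get("user_name", "")
    if not name:
        return "error: missing user_name"
    users[name] = form.get("user_admin") == "1"
    return "created"


def add_user_vulnerable(users: Dict[str, bool], req: Request) -> str:
    """Mirrors the flaw: the only check is that the attached cookie belongs to an
    admin session. A cross-site form post carries that cookie automatically."""
    if req.session is None or not req.session.is_admin:
        return "forbidden"
    return _create_user(users, req.form)


def _origin_of(req: Request) -> Optional[str]:
    """Return scheme://host from the Origin header, falling back to Referer."""
    src = req.headers.get("Origin") or req.headers.get("Referer")
    if not src:
        return None
    parts = urlsplit(src)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}"


def add_user_hardened(users: Dict[str, bool], req: Request) -> str:
    """Same action, but the request must prove it came from the application."""
    if req.session is None or not req.session.is_admin:
        return "forbidden"
    if req.method != "POST":
        return "csrf: state change must be a POST"
    if _origin_of(req) != APP_ORIGIN:
        return "csrf: bad or missing Origin/Referer"
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token, req.session.csrf_token):
        return "csrf: bad token"
    return _create_user(users, req.form)


def forged_request(victim: Session) -> Request:
    """Constructed sample of what the victim's browser sends after auto-submitting a
    form on the attacker's page: the cookie rides along, the token does not."""
    return Request(
        method="POST",
        headers={"Origin": "https://attacker.example.test"},
        form={"user_name": "backdoor", "user_admin": "1"},
        session=victim,
    )


def legitimate_request(victim: Session) -> Request:
    """Constructed sample of a post from the application's own user form."""
    return Request(
        method="POST",
        headers={"Origin": APP_ORIGIN},
        form={"user_name": "alice", "user_admin": "0", "csrf_token": victim.csrf_token},
        session=victim,
    )


def demo() -> Dict[str, object]:
    victim = Session(user="admin", is_admin=True)
    vuln_users: Dict[str, bool] = {}
    hard_users: Dict[str, bool] = {}
    return {
        "vulnerable_forged": add_user_vulnerable(vuln_users, forged_request(victim)),
        "vulnerable_added_admin": vuln_users.get("backdoor") is True,
        "hardened_forged": add_user_hardened(hard_users, forged_request(victim)),
        "hardened_added_admin": "backdoor" in hard_users,
        "hardened_legit": add_user_hardened(hard_users, legitimate_request(victim)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The Origin check alone would already stop the forged post here, but the token is the check that survives clients that omit both Origin and Referer; the hardened handler rejects such requests rather than falling open. In a real PHP application the same two checks belong in front of every request that creates or modifies users.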

Proof of Concept
Disclosure Timeline
10.08.2015 Vulnerability discovered.
12.08.2015 Vendor contacted.
13.08.2015 Vendor replies asking for more details.
13.08.2015 Sent details to the vendor.
14.08.2015 Vendor sends details to the development team.
19.08.2015 Asked vendor for status update.
19.08.2015 Vendor states that some issues were fixed in 2.6.2 and the rest will be fixed in 2.6.3 or 2.7.
25.08.2015 Asked vendor for status update.
25.08.2015 Vendor will get back to us by the 15th of September because of holidays.
16.09.2015 No reply from the vendor.
17.09.2015 Informed vendor about public release.
17.09.2015 Vendor has released version 2.6.2 fixing the file upload issue. Remaining issues promised to be fixed in the next release.
24.09.2015 Vendor releases version 2.6.3 to fix remaining issues?
26.09.2015 Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
26.09.2015 Initial release
07.10.2015 Added references [3], [4], [5] and [6]
10.11.2015 Added reference [7]
21.11.2015 Added reference [8]