What is CVE-2014-3829?

CVE-2014-3829 is a vulnerability in Merethis Centreon, classified under Code Injection. Published 2014-10-23.

Is CVE-2014-3829 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Merethis Centreon

CVE-2014-3829

displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.862 (99.4th percentile) — read the EPSS interpretation.

Affected products

Merethis Centreon — versions 2.5.1
Merethis Centreon_enterprise_server — versions 2.2
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

20141016 Multiple unauthenticated SQL injections and unauthenticated remote command injection in Centreon <= 2.5.2 and Centreon Enterprise Server <= 2.2|3.0 (mailing-list, Exploit, x_refsource_FULLDISC)
VU#298796 (x_refsource_CERT-VN, US Government Resource, Third Party Advisory, third-party-advisory)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2014-3829?: CVE-2014-3829 is a vulnerability in Merethis Centreon, classified under Code Injection. Published 2014-10-23.
Is CVE-2014-3829 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.