CVE-2021-28053

8.8 HIGH

📋 TL;DR

This SQL injection vulnerability in Centreon-Web allows authenticated attackers to execute arbitrary SQL commands through the Additional Information parameters in the user configuration interface. It affects Centreon Platform 20.10.0 installations, potentially compromising the entire monitoring database and system.

💻 Affected Systems

Products:
  • Centreon Platform
Versions: 20.10.0
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to Centreon-Web interface with user configuration privileges.

📦 What is this software?

Centreon is an open-source IT infrastructure and application monitoring platform. Centreon-Web is its PHP web front end, backed by a MySQL/MariaDB database that holds the monitoring configuration (hosts, services, contacts, users) as well as collected status data, which is why an injection in a configuration form reaches the whole platform.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise leading to data exfiltration, privilege escalation to administrative access, and potential remote code execution on underlying systems.

🟠

Likely Case

Unauthorized access to sensitive monitoring data, configuration manipulation, and potential lateral movement within the Centreon infrastructure.

🟢

If Mitigated

Limited to authenticated user's permissions, with database-level controls preventing data destruction or system takeover.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: No
Weaponized: LIKELY
Unauthenticated Exploit: No (authentication required)
Complexity: LOW

SQL injection through web interface form parameters. An account that can reach the Contacts / Users configuration page is required, but once authenticated the injection is straightforward, which is reflected in the CVSS score (low complexity, low privileges, no user interaction).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 20.04.13 (20.04 release line)

Vendor Advisory: https://github.com/centreon/centreon/releases/tag/20.04.13

Restart Required: Yes

Instructions:

1. Back up the Centreon configuration and the Centreon databases (centreon and centreon_storage).
2. Update centreon-web to 20.04.13 or later on the 20.04 line. Centreon numbers releases year.month.patch and maintains the 20.04 and 20.10 lines in parallel, so "20.04.13 or later" does not cover 20.10.0, the version this CVE names; a 20.10.x install needs the corresponding 20.10 fix release from the vendor's release notes.
3. Restart the Centreon services (at least the web server and PHP-FPM, which serve the web application).
4. Verify web interface functionality.

🔧 Temporary Workarounds

Input Validation Filter

linux

Add a web application firewall rule that inspects the parameters sent to the Contacts / Users form for SQL injection patterns. A rule keyed on a single parameter name (for example ARGS:additional_info) only works if that is the real field name, which must be confirmed from the form's HTML; until then inspect every argument reaching Centreon's dispatcher script, and run the rule in DetectionOnly mode first, because free-text monitoring fields will produce false positives.

# Example ModSecurity rule (2.8+ or v3, which provide @detectSQLi via libinjection; SecRequestBodyAccess On is required so that phase 2 sees POST parameters):
SecRule REQUEST_URI "@beginsWith /centreon/main.php" "id:1001,phase:2,chain,deny,status:403,log,msg:'Possible SQL injection in Centreon form input'"
    SecRule ARGS "@detectSQLi" "t:urlDecodeUni"

Access Restriction

all

Restrict the Configuration > Users > Contacts / Users page to the administrators who need it. Take the p= page id from the browser address bar while that page is open in your own instance, and restrict on the query string rather than the path: main.php is Centreon's dispatcher for every page, so a path-only rule would lock out the whole interface.

# Apache 2.4 example (mod_rewrite, in the virtual host). <Location> matches only the URL path, so <Location "/centreon/main.php?p=501"> would never match anything; test the query string instead:
RewriteEngine On
RewriteCond %{QUERY_STRING} (^|&)p=501(&|$)
RewriteCond %{REMOTE_ADDR} !^10\.
RewriteRule ^/centreon/main\.php$ - [F]

This is a network control, not a fix: an administrator session used from an allowed address still reaches the vulnerable code.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Centreon servers from critical infrastructure
  • Enable database auditing (for example the MariaDB Audit Plugin) and monitor the web application's database account for injection patterns such as UNION queries, information_schema lookups and sleep()/benchmark() calls

🔍 How to Verify

Check if Vulnerable:

Check the Centreon version via the web interface (Admin > About) or the package manager: rpm -q centreon-web on RPM-based installs, dpkg -l centreon-web on Debian-based ones. Installs not managed by a package manager show their version only in the web interface.

Check Version:

rpm -q --qf '%{VERSION}-%{RELEASE}\n' centreon-web

A pattern match on 'centreon-web-20' tells you nothing, since it matches every 20.x release, patched or not; compare the printed version against the fix release for its own release line (20.04.x versus 20.10.x).

Verify Fix Applied:

Verify the version is 20.04.13 or later on the 20.04 line (a 20.10.x install is not covered by that number; use the 20.10 fix release from the vendor's release notes). Then, on a non-production copy, confirm that SQL injection test payloads entered in the Additional Information fields of the Contacts / Users form are stored and displayed as plain text and no longer produce database errors or altered query behaviour.
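Added example, not part of this page or of Centreon: a small Python check that reads the installed centreon-web version from rpm or dpkg and assesses it against the fix release of its own release line, so that 20.10.0 is not mistaken for "later than 20.04.13". The fix release for the 20.10 line is not given on this page and is left as None (a placeholder to fill in from the vendor's release notes); the one 20.10 version the page names as affected, 20.10.0, is reported as vulnerable outright. Comparison is done on integer tuples because string comparison sorts 20.04.9 after 20.04.13.

```python
import re
import shutil
import subprocess

# Fix release per release line. 20.04.13 is the release this page names; the
# 20.10 fix release is not given here, so None is a placeholder to fill in
# from the vendor's release notes (assumption, not a statement of fact).
FIX_RELEASES = {"20.04": "20.04.13", "20.10": None}

# The only version this CVE names as affected.
AFFECTED_VERSIONS = {(20, 10, 0)}


def parse_version(text):
    """'20.04.13-1.el7' -> (20, 4, 13); None if no numeric version is present."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text or "")
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))


def release_line(version):
    """(20, 4, 13) -> '20.04', the year.month line Centreon maintains separately."""
    major, minor = (tuple(version) + (0, 0))[:2]
    return "%d.%02d" % (major, minor)


def assess(installed_text, fix_releases=FIX_RELEASES):
    """Return FIXED, VULNERABLE, UNKNOWN_FIX, UNKNOWN_LINE or UNKNOWN."""
    inst = parse_version(installed_text)
    if inst is None:
        return "UNKNOWN"
    if inst in AFFECTED_VERSIONS:
        return "VULNERABLE"
    line = release_line(inst)
    if line not in fix_releases:
        return "UNKNOWN_LINE"      # a line this page says nothing about
    fix = fix_releases[line]
    if fix is None:
        return "UNKNOWN_FIX"       # affected line, fix release not known here
    # Tuple comparison is numeric per component: (20, 4, 9) < (20, 4, 13),
    # whereas the strings "20.04.9" > "20.04.13" lexically.
    return "FIXED" if inst >= parse_version(fix) else "VULNERABLE"


def installed_version():
    """Query the package manager for centreon-web; empty string if unavailable."""
    if shutil.which("rpm"):
        cmd = ["rpm", "-q", "--qf", "%{VERSION}", "centreon-web"]
    elif shutil.which("dpkg-query"):
        cmd = ["dpkg-query", "-W", "-f", "${Version}", "centreon-web"]
    else:
        return ""
    result = subprocess.run(cmd, capture_output=True, text=True)
    return result.stdout.strip() if result.returncode == 0 else ""


if __name__ == "__main__":
    version = installed_version()
    print(version or "(no centreon-web package found)", assess(version))
```

Run it on the Centreon host; an UNKNOWN result means the version came from neither rpm nor dpkg and must be read from the web interface instead.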

📡 Detection & Monitoring

Log Indicators:

  • SQL syntax errors in the database log, or unusual queries (UNION, information_schema lookups, sleep()/benchmark() calls) issued by the web application's database account
  • Multiple failed login attempts followed by access to the Contacts / Users configuration page
  • PHP or MySQL error messages in the web server error log originating from /centreon/main.php

Network Indicators:

  • POST requests to /centreon/main.php?p=501 carrying SQL keywords in their parameters. The form fields travel in the request body, which a standard access log does not record; this indicator needs a body-logging source such as a ModSecurity audit log or a reverse proxy configured to log request bodies.
  • Unusual database connections from the web server IP (new source users, or connections outside the application's normal pattern)

SIEM Query:

source="apache_access" AND uri="/centreon/main.php" AND (query="*p=501*" AND (query="*UNION*" OR query="*SELECT*" OR query="*INSERT*"))

As written this only matches keywords that appear unencoded and in upper case in the URL query string of an access log; URL-decode and case-fold the field before matching, and expect "SELECT" on its own to hit legitimate searches, so scope the alert to the p=501 page rather than the whole interface.
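As an added example that is not part of this page or of the Centreon project, the following Python script applies the indicators above to constructed Apache combined-format access-log lines. It keeps only requests to /centreon/main.php whose p parameter is the page id of interest, URL-decodes every parameter (twice, to catch double encoding, which a wildcard match on the raw string misses), flags values matching common injection fragments, and separately flags POST requests to that page whose bodies the access log cannot show. The sample lines, the client addresses, the p=999 page id and the parameter names o and contact_id are invented for the example and are not Centreon's real field names.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed Apache "combined" access-log lines, not real Centreon traffic.
# 10.0.0.9 plays the attacker; p=999 is an arbitrary other page id and the
# parameter names o and contact_id are invented, not Centreon's field names.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Mar/2021:10:01:02 +0000] "GET /centreon/main.php?p=501 HTTP/1.1" 200 4123 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Mar/2021:10:01:09 +0000] "GET /centreon/main.php?p=501&o=c&contact_id=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Mar/2021:10:02:15 +0000] "GET /centreon/main.php?p=501&o=c&contact_id=3'%20UNION%20SELECT%201,2,3--%20- HTTP/1.1" 500 0 "-" "curl/7.68.0"
10.0.0.9 - - [10/Mar/2021:10:02:40 +0000] "GET /centreon/main.php?p=501&o=c&contact_id=3+%2555NION+%2553ELECT+1,2,3 HTTP/1.1" 500 0 "-" "curl/7.68.0"
10.0.0.9 - - [10/Mar/2021:10:03:01 +0000] "POST /centreon/main.php?p=501 HTTP/1.1" 302 0 "-" "curl/7.68.0"
10.0.0.7 - - [10/Mar/2021:10:04:00 +0000] "GET /centreon/main.php?p=999&search=select HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Apache combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Fragments that rarely occur in legitimate contact data but are typical of
# injection attempts; tuned for the contact form, not meant as a general WAF.
SQLI_RE = re.compile(
    r"\bunion\b(\s+all)?\s+select\b"            # UNION [ALL] SELECT
    r"|\bselect\b.+?\bfrom\b"                   # SELECT ... FROM
    r"|\binsert\s+into\b|\bdelete\s+from\b|\bupdate\b.+?\bset\b"
    r"|\b(sleep|benchmark|load_file)\s*\("      # time-based / file-read primitives
    r"|'\s*(or|and)\s+['\d]"                    # ' OR 1 ...  /  ' OR '...
    r"|--\s|/\*",                               # comment terminators
    re.IGNORECASE,
)


def decode_param(value, rounds=2):
    """parse_qsl decoded once already; undo extra layers (%2527 -> %27 -> ')."""
    for _ in range(rounds):
        if "%" not in value:
            break
        value = unquote_plus(value)
    return value


def analyze_access_log(log_text, page_id="501"):
    """Return findings for requests to Centreon's main.php dispatcher on page_id."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path != "/centreon/main.php":
            continue
        params = dict(parse_qsl(url.query, keep_blank_values=True))
        if params.get("p") != page_id:
            continue
        decoded = {k: decode_param(v) for k, v in params.items()}
        suspicious = sorted(k for k, v in decoded.items() if SQLI_RE.search(v))
        base = {"ip": m.group("ip"), "ts": m.group("ts"),
                "method": m.group("method"), "status": m.group("status")}
        if suspicious:
            findings.append({**base, "reason": "sqli_pattern", "params": suspicious})
        elif m.group("method") == "POST":
            # The form posts its fields in the body, which the access log does not
            # record: flag for review against a body-logging source (modsec audit).
            findings.append({**base, "reason": "post_body_not_logged", "params": []})
    return findings


def clients_by_hits(findings):
    """Count findings per client address, most active first."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    results = analyze_access_log(SAMPLE_LOG)
    for f in results:
        print(f["ts"], f["ip"], f["method"], f["status"], f["reason"], ",".join(f["params"]))
    print(clients_by_hits(results))
```

The post_body_not_logged findings are the ones to cross-check in a ModSecurity audit log or proxy body log; the access log alone can only prove a GET-based attempt. Feed the script a real log with the page id taken from your own instance's address bar.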
