CVE-2022-42425
📋 TL;DR
CVE-2022-42425 is an SQL injection vulnerability in Centreon's poller broker configuration that allows authenticated attackers to escalate privileges to administrator level. This affects Centreon installations where users can access the poller configuration interface. Attackers need valid credentials but can then gain full administrative control.
💻 Affected Systems
- Centreon
📦 What is this software?
Centreon by Centreon
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining administrator privileges, potentially leading to data theft, service disruption, or further network penetration.
Likely Case
Privilege escalation to administrator level allowing configuration changes, data access, and potential installation of backdoors.
If Mitigated
Limited impact with proper input validation and least privilege access controls in place.
🎯 Exploit Status
Authentication required but SQL injection exploitation is straightforward once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 22.04.0, 21.10.8, or 21.04.14
Vendor Advisory: https://www.centreon.com/en/security-centreon-advisory/
Restart Required: Yes
Instructions:
1. Back up your Centreon configuration and database.
2. Update to Centreon 22.04.0, 21.10.8, or 21.04.14.
3. Restart Centreon services.
4. Verify the update was successful.
🔧 Temporary Workarounds
Input Validation Enhancement
[linux] Implement additional input validation for poller broker configuration parameters
# Requires code modification - not a simple command
Access Restriction
[all] Restrict access to poller configuration interface to trusted administrators only
# Configure firewall rules or web server access controls
🧯 If You Can't Patch
- Implement strict input validation and parameterized queries for poller configuration
- Apply network segmentation and restrict access to Centreon interface to trusted IPs only
🔍 How to Verify
Check if Vulnerable:
Check Centreon version via web interface or command line: rpm -qa | grep centreon-web
Check Version:
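rpm -qa | grep centreon-web | grep -E '22\.04\.0|21\.10\.8|21\.04\.14'
(This matches only the exact fixed releases; a later release is also fixed but will not match.)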
Verify Fix Applied:
Verify that the installed version is 22.04.0, 21.10.8, or 21.04.14, or a later release.
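An added example, not part of the original page or of Centreon's tooling: a shell check that compares an installed version against the fixed release of its own branch, so that a later patch release such as 21.10.9 counts as fixed. The function names and sample package strings are constructed; treating release lines after 22.04 as fixed and lines before 21.04 as unknown are assumptions.

```shell
#!/bin/sh
# Added example: classify a Centreon version against the fixed releases
# listed on this page (22.04.0, 21.10.8, 21.04.14).

# Print the first MAJOR.MINOR.PATCH triple in a version or package string.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Print "fixed", "vulnerable" or "unknown" for a version or package string.
check_centreon_version() {
    ver=$(extract_version "$1")
    [ -n "$ver" ] || { echo unknown; return; }
    old_ifs=$IFS; IFS=.
    set -- $ver            # split MAJOR.MINOR.PATCH on the dots
    IFS=$old_ifs
    major=$1 minor=$2 patch=$3
    case "$major.$minor" in
        22.04) min_patch=0 ;;
        21.10) min_patch=8 ;;
        21.04) min_patch=14 ;;
        *)
            # Assumption: release lines after 22.04 carry the fix ("or later").
            # Lines before 21.04 are not listed on the page: report unknown.
            if [ "$major" -gt 22 ] ||
               { [ "$major" -eq 22 ] && [ "$minor" -gt 4 ]; }; then
                echo fixed
            else
                echo unknown
            fi
            return ;;
    esac
    if [ "$patch" -ge "$min_patch" ]; then echo fixed; else echo vulnerable; fi
}

# Constructed sample inputs (not taken from a real host).
for pkg in centreon-web-21.10.7-1.el8.noarch centreon-web-21.10.9-1.el8.noarch \
           centreon-web-21.04.14-1.el7.noarch centreon-web-20.10.3-1.el7.noarch; do
    printf '%s -> %s\n' "$pkg" "$(check_centreon_version "$pkg")"
done
```

On a host, pass the line printed by `rpm -qa | grep centreon-web` as the argument.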
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs
- Multiple failed authentication attempts followed by poller configuration access
- Unexpected privilege escalation events
Network Indicators:
- Unusual traffic patterns to poller configuration endpoints
- SQL injection patterns in HTTP requests
SIEM Query:
source="centreon.log" AND ("poller" AND "broker" AND "configuration") AND (sql OR injection OR "privilege escalation")