CVE-2024-33853
📋 TL;DR
A SQL injection vulnerability in the Timeperiod component of Centreon Web allows attackers to execute arbitrary SQL commands. This affects Centreon Web versions 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23. Organizations using these vulnerable versions are at risk of database compromise.
💻 Affected Systems
- Centreon Web
📦 What is this software?
Centreon Web by Centreon
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, privilege escalation, and potential remote code execution on the underlying server.
Likely Case
Unauthorized database access, data exfiltration, and potential modification of monitoring configurations.
If Mitigated
Limited impact due to network segmentation, proper input validation, and database permissions restricting damage.
🎯 Exploit Status
SQL injection is typically low-complexity to exploit: once the vulnerable Timeperiod parameter is reachable, a single crafted request is enough. Authentication may be required depending on the component's access controls; the vendor bulletin linked below is the authoritative statement of the preconditions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 24.04.3, 23.10.13, 23.04.19, 22.10.23
Vendor Advisory: https://thewatch.centreon.com/latest-security-bulletins-64/security-bulletin-for-centreon-web-3744
Restart Required: Yes
Instructions:
1. Back up the Centreon configuration and database before touching packages.
2. Update to the patched release for your branch with the package manager (yum update centreon-web, or dnf/apt on distributions that use them).
3. Restart Centreon services: systemctl restart centreon.
4. Verify that the installed version is at or above the fix for your branch.
🔧 Temporary Workarounds
Input Validation Enhancement
Implement additional input validation for Timeperiod parameters at the application level. Not applicable in practice: this requires modifying Centreon's own code, and the patched releases already carry the fix.
Database Permission Restriction
Restrict the Centreon database account to the privileges the application needs at runtime, so an injection cannot write files, create or drop objects, or reach other schemas. Substitute the user and host actually configured for your installation (typically in /etc/centreon/centreon.conf.php), and test on a non-production instance first: upgrades run schema migrations that need DDL privileges, so re-grant them before patching.
REVOKE ALL PRIVILEGES ON centreon.* FROM 'centreon'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE ON centreon.* TO 'centreon'@'localhost';
This narrows the blast radius only; it does not stop an injection from reading or modifying any data the application itself can reach.
🧯 If You Can't Patch
- Deploy web application firewall (WAF) rules that block SQL injection patterns in requests to the Timeperiod pages, and treat them as a stopgap: encoded or obfuscated payloads routinely evade signatures.
- Restrict access to the Centreon Web UI to administrative networks, and segment the database host so it is reachable only from the Centreon server.
🔍 How to Verify
Check if Vulnerable:
Check the installed Centreon Web version: rpm -qa | grep centreon-web (on Debian-based installs, dpkg -l centreon-web). You are vulnerable if the version is in an affected branch and below that branch's fix: 24.04.x below 24.04.3, 23.10.x below 23.10.13, 23.04.x below 23.04.19, 22.10.x below 22.10.23.
Verify Fix Applied:
The same command should report 24.04.3, 23.10.13, 23.04.19, 22.10.23 or later within the branch. Compare release numbers numerically: 23.10.9 is older than 23.10.13 even though it sorts after it as a string.
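The branch-aware comparison above is easy to get wrong by hand across four release lines, so here is a small checker, written for this page rather than taken from Centreon's tooling. It assumes package strings in the shapes produced by rpm -qa (centreon-web-24.04.2-1.el9.noarch) and dpkg -l (ii  centreon-web  24.04.2-1~bookworm  all ...); the fixed versions are the ones the advisory lists.

```python
"""Decide whether an installed Centreon Web package is affected by CVE-2024-33853.

Added example for this page; not Centreon's tooling. It assumes package
strings in the shapes produced by `rpm -qa` (centreon-web-24.04.2-1.el9.noarch)
and `dpkg -l` (ii  centreon-web  24.04.2-1~bookworm  all  ...).
"""
import re

# First fixed release per affected branch, from the vendor bulletin.
FIXED = {
    "24.04": "24.04.3",
    "23.10": "23.10.13",
    "23.04": "23.04.19",
    "22.10": "22.10.23",
}

# Match exactly "centreon-web-<ver>-<release>" so centreon-web-selinux etc. are skipped.
RPM_RE = re.compile(r"^centreon-web-(\d+\.\d+\.\d+)-\S+$")
DPKG_RE = re.compile(r"^ii\s+centreon-web\s+(\d+\.\d+\.\d+)\S*\s")


def version_from_package(line):
    """Extract X.Y.Z from an rpm -qa or dpkg -l line; None if it is another package."""
    for rx in (RPM_RE, DPKG_RE):
        m = rx.match(line.strip())
        if m:
            return m.group(1)
    return None


def as_tuple(version):
    # Numeric comparison: "23.10.9" < "23.10.13", which a string compare gets wrong.
    return tuple(int(p) for p in version.split("."))


def assess(version):
    """'vulnerable' if below the branch fix, 'fixed' at/above it, 'not-listed' otherwise."""
    branch = ".".join(version.split(".")[:2])
    fixed = FIXED.get(branch)
    if fixed is None:
        return "not-listed"
    return "vulnerable" if as_tuple(version) < as_tuple(fixed) else "fixed"


def check_package_list(lines):
    """Map each recognised centreon-web package version to its assessment."""
    results = {}
    for line in lines:
        v = version_from_package(line)
        if v:
            results[v] = assess(v)
    return results


if __name__ == "__main__":
    # Usage: rpm -qa | python3 check_centreon.py   (or: dpkg -l centreon-web | ...)
    import sys
    for ver, verdict in check_package_list(sys.stdin).items():
        print(f"centreon-web {ver}: {verdict}")
```

A branch the advisory does not mention (for example a later 24.10.x) is reported as not-listed rather than fixed, since this page makes no statement about it.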
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in database logs (for example query logging showing UNION SELECT, tautologies such as OR 1=1, or SLEEP() calls)
- Logins, or repeated failed logins, followed immediately by a burst of requests to the Timeperiod configuration pages
- Unexpected database errors in application logs, such as SQL syntax errors raised from the Timeperiod component
Network Indicators:
- Unusual database connection patterns from Centreon Web server
- Large data transfers from database to unexpected destinations
SIEM Query:
source="centreon.log" AND "Timeperiod" AND ("SQL syntax" OR "database error")
"Timeperiod" on its own matches routine configuration activity, so require it together with an error term. For request-level detection, search the web server access log for requests to Timeperiod pages that contain encoded quotes, comment sequences (--, /*) or UNION SELECT.
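For teams without a SIEM rule in place, the request-level check can be run directly over the web server access log. The following is an added example for this page, not Centreon's code and not a vendor-published signature: it parses Apache combined-format lines, URL-decodes the request, scopes to URLs that mention the timeperiod component, and flags common injection constructs. The paths, addresses and timestamps in the sample log are constructed placeholders, not Centreon's real routes.

```python
"""Flag web-access-log requests that look like SQL injection probes against
Centreon Web's timeperiod pages.

Added example for this page; not Centreon's code and not a vendor-published
signature. Log lines are in Apache combined format; the paths, IPs and
timestamps below are constructed placeholders, not Centreon's real routes.
"""
import re
from urllib.parse import unquote_plus

# ip ident user [timestamp] "METHOD url PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# Coarse SQLi heuristics applied to the URL-decoded request.
SQLI_RE = re.compile(
    r"(?i)"
    r"(?:['\"]\s*(?:or|and)\s+[\w'\"]+\s*=\s*[\w'\"]+)"  # x' OR 1=1
    r"|(?:union\s+(?:all\s+)?select\b)"                  # UNION SELECT
    r"|(?:\b(?:sleep|benchmark)\s*\()"                   # time-based probes
    r"|(?:--\s|/\*)"                                     # comment truncation
    r"|(?:;\s*(?:drop|insert|update|delete)\b)"          # stacked statements
)


def parse_line(line):
    """Return the log fields as a dict, or None for lines that do not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_timeperiod_request(url):
    """Scope to the component named in the advisory (case-insensitive, decoded)."""
    return "timeperiod" in unquote_plus(url).lower()


def looks_like_sqli(url):
    """True if the decoded URL contains a known SQL injection construct."""
    return SQLI_RE.search(unquote_plus(url)) is not None


def find_suspicious(lines):
    """Return (ip, method, decoded_url, status) for timeperiod requests carrying SQLi."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and is_timeperiod_request(rec["url"]) and looks_like_sqli(rec["url"]):
            hits.append((rec["ip"], rec["method"], unquote_plus(rec["url"]), rec["status"]))
    return hits


# Constructed sample log: one benign timeperiod edit, two probes against the
# timeperiod page (one of which triggers a 500), and one probe elsewhere.
SAMPLE_LOG = [
    '192.0.2.10 - admin [11/Jun/2024:09:15:02 +0000] "GET /centreon/timeperiods?tp_name=workhours HTTP/1.1" 200 5123',
    '192.0.2.77 - admin [11/Jun/2024:09:15:40 +0000] "GET /centreon/timeperiods?tp_name=x%27+OR+1%3D1--+ HTTP/1.1" 500 0',
    '192.0.2.77 - admin [11/Jun/2024:09:16:05 +0000] "GET /centreon/timeperiods?tp_id=1+UNION+SELECT+1%2C2%2C3 HTTP/1.1" 200 8210',
    '198.51.100.5 - - [11/Jun/2024:09:17:11 +0000] "GET /centreon/login?user=a%27+OR+1%3D1-- HTTP/1.1" 200 1100',
]

if __name__ == "__main__":
    # Usage: replace SAMPLE_LOG with open("/var/log/httpd/access_log") on a real host.
    for ip, method, url, status in find_suspicious(SAMPLE_LOG):
        print(f"{ip} {method} {status} {url}")
```

Two limitations a practitioner should keep in mind: access logs record only the URL, so payloads sent in a POST body are invisible to this check unless the web server or a reverse proxy logs bodies; and the timeperiod scoping exists to keep noise down, so drop the is_timeperiod_request filter if you want every injection attempt against the instance, not only those relevant to this CVE.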