CVE-2024-55573

9.1 CRITICAL

📋 TL;DR

A critical SQL injection vulnerability in Centreon centreon-web allows authenticated users with high privileges to inject malicious SQL queries when creating virtual metrics. This affects Centreon monitoring platform users running vulnerable versions, potentially leading to complete database compromise.

💻 Affected Systems

Products:
  • Centreon centreon-web
Versions: 24.10.x before 24.10.3, 24.04.x before 24.04.9, 23.10.x before 23.10.19, 23.04.x before 23.04.24
Operating Systems: Linux (Centreon is typically deployed on Linux)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user with high privileges (admin or similar) to access the virtual metrics creation form.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database compromise including data exfiltration, modification, or deletion; potential privilege escalation to full system control via database functions.

🟠

Likely Case

Unauthorized data access, modification of monitoring configurations, potential lateral movement within the database environment.

🟢

If Mitigated

Limited impact if proper privilege separation exists and database permissions are restricted, though SQL injection could still affect accessible data.

🌐 Internet-Facing: HIGH if Centreon web interface is exposed to internet, as authenticated high-privilege users could exploit remotely.
🏢 Internal Only: HIGH as internal attackers with high privileges could exploit to gain database access and potentially move laterally.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated high-privilege access to the web interface and knowledge of SQL injection techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 24.10.3, 24.04.9, 23.10.19, 23.04.24

Vendor Advisory: https://thewatch.centreon.com/latest-security-bulletins-64/cve-2024-55573-centreon-web-critical-severity-4264

Restart Required: Yes

Instructions:

1. Back up the Centreon configuration and database.
2. Update to a patched version via the package manager (yum update centreon-web).
3. Restart Centreon services (systemctl restart centreon).
4. Verify the update via the web interface version check.

🔧 Temporary Workarounds

Restrict Virtual Metrics Access

Temporarily remove or restrict access to virtual metrics creation functionality for non-essential users.

# Modify Centreon ACLs to restrict access to virtual metrics module
# Check Centreon documentation for specific ACL configuration

Database Input Validation

Implement additional input validation at application or WAF level for virtual metrics parameters.

# Configure web application firewall rules to block SQL injection patterns
# Example mod_security rule: SecRule ARGS "@detectSQLi" "id:1001,phase:2,deny"

🧯 If You Can't Patch

  • Implement strict principle of least privilege: review and reduce high-privilege user accounts to absolute minimum.
  • Deploy web application firewall with SQL injection detection rules in front of Centreon web interface.

🔍 How to Verify

Check if Vulnerable:

Check Centreon web interface version via Administration > About, or run: rpm -qa | grep centreon-web

Check Version:

rpm -q centreon-web --queryformat '%{VERSION}-%{RELEASE}\n'

Verify Fix Applied:

Confirm the installed version is 24.10.3, 24.04.9, 23.10.19, or 23.04.24 or higher within its own release branch (for example, 24.04.8 is still vulnerable even though 24.10.3 is lower-numbered on paper), via the web interface or package manager.
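A branch-aware version check for the verification steps above, added here as example code (not Centreon's own tooling). It assumes the rpm VERSION-RELEASE output format shown in the previous section, and it treats release branches the advisory does not list as unknown rather than safe.

```python
import re
import subprocess

# Fixed versions per release branch, exactly as listed in the advisory above.
FIXED_VERSIONS = {
    (24, 10): (24, 10, 3),
    (24, 4): (24, 4, 9),
    (23, 10): (23, 10, 19),
    (23, 4): (23, 4, 24),
}


def parse_version(version: str) -> tuple:
    """Turn '24.10.2' or '24.10.2-1.el9' (rpm VERSION-RELEASE) into (24, 10, 2).

    The RPM release suffix is ignored; only the upstream version decides."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised centreon-web version: {version!r}")
    return tuple(int(x) for x in m.groups())


def assess(version: str) -> str:
    """Return 'vulnerable', 'fixed' or 'unknown-branch' for a centreon-web version.

    Comparison is done against the fixed release of the same major.minor branch,
    so 24.04.8 is reported vulnerable even though 24.10.3 sorts below it."""
    major, minor, patch = parse_version(version)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        return "unknown-branch"  # not one of the four branches the advisory covers
    return "fixed" if (major, minor, patch) >= fixed else "vulnerable"


def installed_version() -> str:
    """Query rpm for the installed package version (same query as the advisory)."""
    out = subprocess.run(
        ["rpm", "-q", "centreon-web", "--queryformat", "%{VERSION}-%{RELEASE}\n"],
        capture_output=True, text=True, check=True)
    return out.stdout.strip()


if __name__ == "__main__":
    # Constructed sample versions; on a real host use assess(installed_version()).
    for v in ("24.10.2-1.el9", "24.10.3", "24.04.8", "23.04.24", "22.10.5"):
        print(f"{v:15} -> {assess(v)}")
```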

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs from Centreon application user
  • Multiple failed or unusual virtual metrics creation attempts in Centreon logs

Network Indicators:

  • Unusual database connection patterns from Centreon application server
  • SQL error messages in HTTP responses

SIEM Query:

source="centreon.log" AND "virtual.*metric" AND (error OR sql OR injection)
