CVE-2019-19699

Public Exploit

Description

There is Authenticated remote code execution in Centreon Infrastructure Monitoring Software through 19.10 via Pollers misconfiguration, leading to system compromise via apache crontab misconfiguration, This allows the apache user to modify an executable file executed by root at 22:30 every day. To exploit the vulnerability, someone must have Admin access to the Centreon Web Interface and create a custom main.php?p=60803&type=3 command. The user must then set the Pollers Post-Restart Command to this previously created command via the main.php?p=60901&o=c&server_id=1 URI. This is triggered via an export of the Poller Configuration.

Category

7.2
CVSS
Severity: High
CVSS 3.1 •
CVSS 2.0 •
EPSS 6.81% Top 10%
Vendor Advisory centreon.com Vendor Advisory centreon.com
Affected: n/a n/a
Published at:
Updated at:

References

Link Tags
https://download.centreon.com/ vendor advisory
https://www.centreon.com/ vendor advisory
https://twitter.com/SpengeSec/status/1204418071764463618 third party advisory
https://spenge.pw/cves/ third party advisory
https://github.com/SpengeSec/CVE-2019-19699 third party advisory exploit

Frequently Asked Questions

What is the severity of CVE-2019-19699?
CVE-2019-19699 has been scored as a high severity vulnerability.
How to fix CVE-2019-19699?
To fix CVE-2019-19699, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2019-19699 being actively exploited in the wild?
It is possible that CVE-2019-19699 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~7% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.