CVE-2024-45756 is a SQL injection vulnerability identified in Centreon centreon-open-tickets, a component used for IT service monitoring and ticket management. The vulnerability affects multiple versions: 24.10.x before 24.10.0, 24.04.x before 24.04.2, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2. The flaw resides in the form used to create tickets, where insufficient input sanitization allows an attacker to inject malicious SQL commands. Exploitation requires the attacker to be an authenticated user with high-privileged access, such as an administrator or a user with elevated permissions within the Centreon platform. The vulnerability is classified under CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), which can lead to unauthorized data access, modification, or deletion. The CVSS v3.1 base score is 7.2, reflecting network attack vector, low attack complexity, high privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. Although no known exploits are publicly reported, the vulnerability poses a significant risk due to the potential for attackers to manipulate backend databases, extract sensitive information, or disrupt monitoring operations. Centreon is widely used in enterprise environments for IT infrastructure monitoring, making this vulnerability critical for organizations relying on it for operational continuity. The lack of available patches at the time of reporting necessitates immediate attention to access controls and monitoring.

The impact of CVE-2024-45756 is substantial for organizations using Centreon centreon-open-tickets. Successful exploitation can lead to unauthorized disclosure of sensitive data stored in the backend database, including potentially critical operational information. Attackers could also alter or delete ticket data, undermining incident response and IT service management processes. The availability of the monitoring system could be disrupted, affecting the organization's ability to detect and respond to infrastructure issues promptly. Given that exploitation requires high-privileged authenticated access, insider threats or compromised administrator accounts pose the greatest risk. The vulnerability could facilitate lateral movement within the network, enabling attackers to escalate privileges or pivot to other critical systems. For service providers and enterprises managing large IT environments, this could translate into operational downtime, compliance violations, and reputational damage. The absence of known public exploits currently limits immediate widespread attacks, but the vulnerability remains a critical risk until patched.

To mitigate CVE-2024-45756, organizations should implement the following specific measures: 1) Apply official patches or updates from Centreon as soon as they become available for the affected versions. 2) Restrict high-privileged user access strictly on a need-to-know basis and enforce strong authentication mechanisms, including multi-factor authentication for administrative accounts. 3) Conduct thorough input validation and sanitization on all user inputs in ticket creation forms, if custom modifications or interim fixes are possible. 4) Monitor logs for unusual SQL errors or suspicious activities related to ticket creation and database queries. 5) Employ web application firewalls (WAFs) with SQL injection detection rules tailored to Centreon’s ticketing endpoints. 6) Regularly audit user privileges and remove unnecessary high-level permissions. 7) Isolate Centreon management interfaces within secure network segments to limit exposure. 8) Prepare incident response plans specifically addressing potential exploitation of this vulnerability. These steps go beyond generic advice by focusing on access control tightening, monitoring, and network segmentation tailored to the Centreon environment.