CVE Vulnerability

CVE-2018-9276

An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.

9 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

7.2 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://packetstormsecurity.com/files/148334/PRTG-Command-Injection.html Exploit Mitigation
http://www.securityfocus.com/archive/1/542103/100/0/threaded Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/46527/ Exploit Third Party Advisory
http://packetstormsecurity.com/files/161183/PRTG-Network-Monitor-Remote-Code-Execution.html Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:*
Information

Published : 2018-07-02 04:29

Updated : 2021-04-12 01:42

NVD link : CVE-2018-9276

Mitre link : CVE-2018-9276

Products Affected
No products.
CWE
CWE-78