CVE-2019-11073

{"id": "CVE-2019-11073", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2020-03-16T19:15:11.350", "references": [{"url": "https://sensepost.com/blog/2019/being-stubborn-pays-off-pt.-1-cve-2018-19204/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/11/warnmeldung_cb-k19-1019.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.paessler.com/prtg/history/stable", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "https://sensepost.com/blog/2019/being-stubborn-pays-off-pt.-1-cve-2018-19204/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/11/warnmeldung_cb-k19-1019.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.paessler.com/prtg/history/stable", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-74"}]}], "descriptions": [{"lang": "en", "value": "A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransactionSensor.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Transaction Sensor and set specific settings when the sensor is executed."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en PRTG Network Monitor versiones anteriores a 19.4.54.1506, que permite a atacantes ejecutar c\u00f3digo debido a un saneamiento insuficiente cuando se pasan argumentos al binario HttpTransactionSensor.exe. A fin de explotar la vulnerabilidad, los administradores autenticados remotos necesitan crear un nuevo HTTP Transaction Sensor y establecer configuraciones espec\u00edficas cuando se ejecuta el sensor."}], "lastModified": "2024-11-21T04:20:29.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "621BCC52-2254-44DE-BB17-7F5E39216440", "versionEndExcluding": "19.4.54.1506"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}