A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. This could force PRTG to execute different actions, such as creating new users. The severity of this vulnerability is high and received a score of 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References
Configurations
History
21 Nov 2024, 08:01
Type | Values Removed | Values Added |
---|---|---|
References | () https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520 - Vendor Advisory | |
References | () https://www.paessler.com/prtg/history/prtg-23#23.3.86.1520 - | |
References | () https://www.paessler.com/prtg/history/stable - Release Notes |
22 Aug 2023, 19:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Aug 2023, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. This could force PRTG to execute different actions, such as creating new users. The severity of this vulnerability is high and received a score of 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
14 Aug 2023, 17:08
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
11 Aug 2023, 18:17
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:* | |
CWE | CWE-352 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
First Time |
Paessler
Paessler prtg Network Monitor |
|
References | (MISC) https://www.paessler.com/prtg/history/stable - Release Notes | |
References | (MISC) https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520 - Vendor Advisory |
09 Aug 2023, 12:46
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-09 12:15
Updated : 2024-11-21 08:01
NVD link : CVE-2023-31452
Mitre link : CVE-2023-31452
CVE.ORG link : CVE-2023-31452
JSON object : View
Products Affected
paessler
- prtg_network_monitor
CWE
CWE-352
Cross-Site Request Forgery (CSRF)