CVE-2023-32781

A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Configurations

Configuration 1 (hide)

cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:04

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/176677/PRTG-Authenticated-Remote-Code-Execution.html - () http://packetstormsecurity.com/files/176677/PRTG-Authenticated-Remote-Code-Execution.html -
References () https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520 - Vendor Advisory () https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520 - Vendor Advisory
References () https://www.paessler.com/prtg/history/stable - Release Notes () https://www.paessler.com/prtg/history/stable - Release Notes

23 Jan 2024, 17:15

Type Values Removed Values Added
References
  • () http://packetstormsecurity.com/files/176677/PRTG-Authenticated-Remote-Code-Execution.html -

16 Aug 2023, 12:15

Type Values Removed Values Added
Summary An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760. Due to command-line parameter injection and an undocumented debug feature flag, an attacker can utilize the HL7 sensor to write arbitrary data to the disk. This can be utilized to write a custom EXE(.bat) sensor, that will then run. This primitive gives remote code execution. A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

15 Aug 2023, 17:36

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : 7.2

11 Aug 2023, 18:17

Type Values Removed Values Added
CPE cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:*
First Time Paessler
Paessler prtg Network Monitor
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-77
References (MISC) https://www.paessler.com/prtg/history/stable - (MISC) https://www.paessler.com/prtg/history/stable - Release Notes
References (MISC) https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520 - (MISC) https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520 - Vendor Advisory

09 Aug 2023, 12:46

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-09 12:15

Updated : 2024-11-21 08:04


NVD link : CVE-2023-32781

Mitre link : CVE-2023-32781

CVE.ORG link : CVE-2023-32781


JSON object : View

Products Affected

paessler

  • prtg_network_monitor
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')