A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References
Configurations
History
21 Nov 2024, 08:04
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/176677/PRTG-Authenticated-Remote-Code-Execution.html - | |
References | () https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520 - Vendor Advisory | |
References | () https://www.paessler.com/prtg/history/stable - Release Notes |
23 Jan 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Aug 2023, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
15 Aug 2023, 17:36
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
11 Aug 2023, 18:17
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:* | |
First Time |
Paessler
Paessler prtg Network Monitor |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-77 | |
References | (MISC) https://www.paessler.com/prtg/history/stable - Release Notes | |
References | (MISC) https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520 - Vendor Advisory |
09 Aug 2023, 12:46
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-09 12:15
Updated : 2024-11-21 08:04
NVD link : CVE-2023-32781
Mitre link : CVE-2023-32781
CVE.ORG link : CVE-2023-32781
JSON object : View
Products Affected
paessler
- prtg_network_monitor
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')