CVE-2018-19204

EPSS 1.62%
Veröffentlicht 12.11.2018 16:29:00
Zuletzt bearbeitet 21.11.2024 03:57:32
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker (with read-write privileges) to execute arbitrary code and OS commands with system privileges. When creating an HTTP Advanced Sensor, the user's input in the POST parameter 'proxyport_' is mishandled. The attacker can craft an HTTP request and override the 'writeresult' command-line parameter for HttpAdvancedSensor.exe to store arbitrary data in an arbitrary place on the file system. For example, the attacker can create an executable file in the \Custom Sensors\EXE directory and execute it by creating EXE/Script Sensor.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Paessler ≫ Prtg Network Monitor Version < 18.3.44.2054

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.62%	0.813

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://en.securitylab.ru/lab/PT-2018-23

Third Party Advisory

https://www.paessler.com/prtg/history/stable#18.3.44.2054

Vendor Advisory

https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2018-23/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-19204

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-19204

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-19204

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2018-19204