CVE-2020-11547

EPSS 87.33%
Veröffentlicht 05.04.2020 00:15:11
Zuletzt bearbeitet 21.11.2024 04:58:07
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Paessler ≫ Prtg Network Monitor Version < 20.1.57.1745

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	87.33%	0.994

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://github.com/ch-rigu/PRTG-Network-Monitor-Information-Disclosure

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2020-11547

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-11547

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-11547

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-11547