CVE-2023-31452

EPSS 1.13%
Veröffentlicht 09.08.2023 12:15:09
Zuletzt bearbeitet 21.11.2024 08:01:53
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. This could force PRTG to execute different actions, such as creating new users. The severity of this vulnerability is high and received a score of 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Paessler ≫ Prtg Network Monitor Version < 23.3.86.1520

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.13%	0.779

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://www.paessler.com/prtg/history/stable

Release Notes

https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520

Vendor Advisory

https://www.paessler.com/prtg/history/prtg-23#23.3.86.1520

https://nvd.nist.gov/vuln/detail/CVE-2023-31452

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-31452

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-31452

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-31452