Vulnerability CVE-2019-11073


Published: 2020-03-16

Description:
A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransactionSensor.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Transaction Sensor and set specific settings when the sensor is executed.

Type: CWE-20 (Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score: 9/10
Impact Subscore: 10/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software: Paessler -> PRTG Network Monitor

 References:
https://sensepost.com/blog/2019/being-stubborn-pays-off-pt.-1-cve-2018-19204/
https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/11/warnmeldung_cb-k19-1019.html
https://www.paessler.com/prtg/history/stable

Copyright 2024, cxsecurity.com

 
