CVE-2019-11073

Опубликовано: 16 мар. 2020

Источник: nvd

CVSS3: 7.2

CVSS2: 9

EPSS Средний

Описание

A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransactionSensor.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Transaction Sensor and set specific settings when the sensor is executed.

Ссылки

https://sensepost.com/blog/2019/being-stubborn-pays-off-pt.-1-cve-2018-19204/
Exploit
Third Party Advisory
https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/11/warnmeldung_cb-k19-1019.html
Third Party Advisory
https://www.paessler.com/prtg/history/stable
Release Notes
https://sensepost.com/blog/2019/being-stubborn-pays-off-pt.-1-cve-2018-19204/
Exploit
Third Party Advisory
https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/11/warnmeldung_cb-k19-1019.html
Third Party Advisory
https://www.paessler.com/prtg/history/stable
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:*

Версия до 19.4.54.1506 (исключая)

EPSS

Процентиль: 94%

0.12676

Средний

7.2 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-74

Связанные уязвимости

GHSA-2rpv-42c9-4hgr

github

больше 3 лет назад