exploitDog

CVE-2023-32781

Published: 09 Aug 2023
Source: nvd
CVSS3: 7.2
EPSS: Medium

Description

A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Vulnerable configurations

Configuration 1
cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:*
Versions before 23.3.86.1520 (exclusive)

EPSS

Percentile: 98%
0.45466
Medium

7.2 High

CVSS3

Weaknesses

CWE-77

Related vulnerabilities

CVSS3: 9.8
github
more than 2 years ago

An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760. Due to command-line parameter injection and an undocumented debug feature flag, an attacker can utilize the HL7 sensor to write arbitrary data to the disk. This can be utilized to write a custom EXE(.bat) sensor, that will then run. This primitive gives remote code execution.
