CVE-2020-11547

EUVD-2020-3898
PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
paesslerprtg_network_monitor
𝑥
< 20.1.57.1745
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/ch-rigu/PRTG-Network-Monitor-Information-Disclosure
https://github.com/ch-rigu/PRTG-Network-Monitor-Information-Disclosure