CVE-2023-32781

A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
paesslerprtg_network_monitor
𝑥
< 23.3.86.1520
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/176677/PRTG-Authenticated-Remote-Code-Execution.html
https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520
https://www.paessler.com/prtg/history/stable
http://packetstormsecurity.com/files/176677/PRTG-Authenticated-Remote-Code-Execution.html
https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520
https://www.paessler.com/prtg/history/stable