Lucene search

MitreCVE-2023-32781

HistoryAug 09, 2023 - 12:15 p.m.

CVE-2023-32781

2023-08-0912:15:10

CWE-77

mitre

web.nvd.nist.gov

cve-2023-32781

prtg

command injection

vulnerability

hl7 sensor

cvss

nvd

security

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.042

Percentile

92.4%

JSON

A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected configurations

Nvd

Node

paesslerprtg_network_monitorRange<23.3.86.1520

VendorProductVersionCPE
paesslerprtg_network_monitor*cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
paessler	prtg_network_monitor	*	cpe:2.3:a:paessler:prtg_network_monitor::::::::

References

packetstormsecurity.com/files/176677/PRTG-Authenticated-Remote-Code-Execution.html

kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520

www.paessler.com/prtg/history/stable

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.042

Percentile

92.4%

JSON

Related for CVE-2023-32781