CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
84.7%
PRTG Network Monitor is prone to an unauthenticated remote code
execution (RCE) vulnerability.
# SPDX-FileCopyrightText: 2020 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:paessler:prtg_network_monitor";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.143666");
script_version("2024-06-28T15:38:46+0000");
script_tag(name:"last_modification", value:"2024-06-28 15:38:46 +0000 (Fri, 28 Jun 2024)");
script_tag(name:"creation_date", value:"2020-04-01 04:51:21 +0000 (Wed, 01 Apr 2020)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2020-06-25 16:15:00 +0000 (Thu, 25 Jun 2020)");
script_cve_id("CVE-2020-10374");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("PRTG Network Monitor < 20.1.57.1745 RCE Vulnerability");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2020 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_prtg_network_monitor_detect.nasl");
script_mandatory_keys("prtg_network_monitor/installed");
script_tag(name:"summary", value:"PRTG Network Monitor is prone to an unauthenticated remote code
execution (RCE) vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"With a carefully crafted POST request, a possible attacker can perform an RCE
by executing a UNC path on the PRTG core server system with the security context of the PRTG core server service,
without the need of an authenticated session.
By utilizing the what parameter of the screenshot function that is used in the Contact Support form in PRTG, for
example, an attacker is able to inject a crafted, URI-compatible UNC path that is executed as part of the caller
chain down to the Chromium engine to create the screenshot.");
script_tag(name:"affected", value:"PRTG Network Monitor versions 19.2.50 through 20.1.56.");
script_tag(name:"solution", value:"Update to version 20.1.57.1745 or later.");
script_xref(name:"URL", value:"https://www.paessler.com/prtg/history/stable#20.1.57.1745");
script_xref(name:"URL", value:"https://kb.paessler.com/en/topic/87668-how-can-i-mitigate-cve-2020-10374-until-i-can-update");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (!port = get_app_port(cpe: CPE))
exit(0);
if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
exit(0);
version = infos["version"];
location = infos["location"];
if (version_is_greater_equal(version: version, test_version: "19.2.50") &&
version_is_less(version: version, test_version: "20.1.57.1745")) {
report = report_fixed_ver(installed_version: version, fixed_version: "20.1.57.1745", install_path: location);
security_message(port: port, data: report);
exit(0);
}
exit(99);
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
84.7%