An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/148334/PRTG-Command-Injection.html | Exploit Mitigation Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/161183/PRTG-Network-Monitor-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
http://www.securityfocus.com/archive/1/542103/100/0/threaded | Broken Link Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/46527/ | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-07-02T16:00:00
Updated: 2021-01-28T15:06:06
Reserved: 2018-04-04T00:00:00
Link: CVE-2018-9276
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-07-02T16:29:00.600
Modified: 2023-04-25T15:41:59.657
Link: CVE-2018-9276
JSON object: View
Redhat Information
No data.
CWE