A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransactionSensor.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Transaction Sensor and set specific settings when the sensor is executed.
References
Link | Resource |
---|---|
https://sensepost.com/blog/2019/being-stubborn-pays-off-pt.-1-cve-2018-19204/ | Exploit Third Party Advisory |
https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/11/warnmeldung_cb-k19-1019.html | Third Party Advisory |
https://www.paessler.com/prtg/history/stable | Release Notes |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-03-16T18:41:58
Updated: 2020-03-16T18:41:58
Reserved: 2019-04-10T00:00:00
Link: CVE-2019-11073
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-03-16T19:15:11.350
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-11073
JSON object: View
Redhat Information
No data.
CWE