
What do I need to know about CVE-2022-35739?


What is the current status of CVE-2022-35739 and Paessler PRTG?

css cve prtg vulnerability

Created on Oct 28, 2022 11:48:46 AM by Florian Weik [Paessler Support]

Last change on Oct 28, 2022 12:15:29 PM by Florian Weik [Paessler Support]



1 Reply

Accepted Answer


CVE-2022-35739

Summary

Details

Researchers from Raxis published details for CVE-2022-35739. After executing our own investigation, we can confirm that PRTG is affected by CVE-2022-35739. Our conclusion aligns with Raxis’ suggesting that the severity of this vulnerability is low because it is difficult to exploit, and its impact is limited.

Early reports by the Federal Office for Information Security (BSI) evaluated this vulnerability in an automatic way due to the lack of information resulting in a wrong severity calculation (High instead of Low). We have already contacted the BSI so that they adjust their CVSS scoring to depict the actual severity.

We are currently working on fixing this vulnerability.

For details about the issue, see CVE 2022-35739 PRTG Network Monitor CSS Injection — Raxis and NVD - CVE-2022-35739 (nist.gov).

We will update this article as soon as new information is available.

Created on Oct 28, 2022 11:54:10 AM by Florian Weik [Paessler Support]

Last change on Oct 28, 2022 12:11:47 PM by Florian Weik [Paessler Support]


