This article applies to PRTG 23.2.84.1566 and earlier
Summary
As of PRTG 23.3.86, multiple vulnerabilities were fixed. The vulnerabilities addressed are as follow.
- Open redirect, which affects the PRTG web interface
You can view the original report posted on Linked In.
Details
What CVE-2023-31448 - PRTG HL7 Path Traversal is about
A path traversal vulnerability was identified in the HL7 sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the HL7 sensor into behaving differently for existing files and non-existing files. This made it possible to traverse paths, allowing the sensor to execute files outside the designated custom sensors folder.
The severity of this vulnerability is medium and received a score of 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
What CVE-2023-31449 - PRTG WMI Path Traversal is about
A path traversal vulnerability was identified in the WMI Custom sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the WMI Custom sensor into behaving differently for existing files and non-existing files. This made it possible to traverse paths, allowing the sensor to execute files outside the designated custom sensors folder.
The severity of this vulnerability is medium and received a score of 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
What CVE-2023-31450 - PRTG SQL Path Traversal is about
A path traversal vulnerability was identified in the SQL v2 sensors in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the SQL v2 sensors into behaving differently for existing files and non-existing files. This made it possible to traverse paths, allowing the sensor to execute files outside the designated custom sensors folder.
The severity of this vulnerability is medium and received a score of 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
What CVE-2023-31452 - PRTG CSRF bypass is about
A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. This could force PRTG to execute different actions, such as creating new users.
The severity of this vulnerability is high and received a score of 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
What CVE-2023-32781 - PRTG RCE HL7 Sensor is about
A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor.
The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
What CVE-2023-32782 - PRTG RCE Dicom Query is about
A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor.
The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
What is the Open Redirect about
An open redirect vulnerability was identified in PRTG 23.2.84.1566 and earlier versions where a URL could redirect the user to foreign domains. This could potentially be misused for phishing attacks. A user must actively click or otherwise try to visit a vulnerable URL to successfully exploit this vulnerability.
Steps to take
We recommend that you always update to the latest version of PRTG via the Auto-Update feature to maintain the highest level of security. By updating to PRTG 23.3.86.1520, your PRTG installation is not vulnerable to the above-mentioned vulnerabilities anymore.
Add comment