#VU16207 OS command injection in PRTG Network Monitor - CVE-2018-19204


Vulnerability identifier: #VU16207

Vulnerability risk: High

CVSSv4.0: 2.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U/U:Amber]

CVE-ID: CVE-2018-19204

CWE-ID: CWE-78

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PRTG Network Monitor
Server applications / Remote management servers, RDP, SSH

Vendor: Paessler AG

Description

The vulnerability allows a remote high-privileged attacker to execute arbitrary shell commands on the target system.

The vulnerability exists because user input in the 'proxyport_' POST parameter is mishandled when an HTTP Advanced Sensor is created. A remote attacker can craft an HTTP request that overrides the 'writeresult' command-line parameter of HttpAdvancedSensor.exe, store arbitrary data at an arbitrary location on the file system, create an executable file in the Custom Sensors\EXE directory, and execute it by creating an EXE/Script Sensor.
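The weakness class described above, as an added example that is not code from this advisory or from Paessler: a numeric form field pasted into a command-line string lets one value become several arguments, while strict port validation plus an argument list keeps it as one. Only the names proxyport and writeresult come from the advisory; `sensor.exe`, the option syntax and the sample values are hypothetical.

```python
import shlex

SENSOR = "sensor.exe"                    # hypothetical stand-in for the sensor binary
URL = "https://example.test/"            # constructed sample value
CRAFTED = "8080 -writeresult=INJECTED"   # constructed sample form value

def build_cmdline_naive(url, proxyport):
    """Vulnerable pattern: the form field is pasted into a command-line string."""
    return f"{SENSOR} -url={url} -proxyport={proxyport} -writeresult=0"

def split_like_child(cmdline):
    """Model the child process splitting its command line on whitespace."""
    return shlex.split(cmdline, posix=False)

def parse_port(raw):
    """Accept only a decimal TCP port in 1..65535; reject anything else."""
    if not (isinstance(raw, str) and raw.isascii() and raw.isdigit() and len(raw) <= 5):
        raise ValueError(f"proxy port is not a plain number: {raw!r}")
    port = int(raw)
    if not 1 <= port <= 65535:
        raise ValueError(f"proxy port out of range: {port}")
    return port

def build_argv_hardened(url, proxyport):
    """Validate first, then pass an argument list so each value stays one argument."""
    return [SENSOR, f"-url={url}", f"-proxyport={parse_port(proxyport)}", "-writeresult=0"]

def writeresult_values(argv):
    """Every value the child would see for the writeresult option."""
    return [a.split("=", 1)[1] for a in argv if a.startswith("-writeresult=")]

if __name__ == "__main__":
    # Naive path: the child sees a second, caller-supplied writeresult option.
    print(writeresult_values(split_like_child(build_cmdline_naive(URL, CRAFTED))))
    # Hardened path: the same input is rejected before any process is started.
    try:
        build_argv_hardened(URL, CRAFTED)
    except ValueError as err:
        print("rejected:", err)
```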

Mitigation
Update to version 18.3.44.2054.

Vulnerable software versions

PRTG Network Monitor: 18.1.36.3728 - 18.1.39.1648, 18.2.39 - 18.2.41.1652, 18.3.42.1727 - 18.3.43.2323


External links
https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2018-23/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

