Vulnerability Details CVE-2023-31452
A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. This could force PRTG to execute different actions, such as creating new users. The severity of this vulnerability is high and received a score of 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.1%
CVSS Severity
CVSS v3 Score 8.8
References
- https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520
- https://www.paessler.com/prtg/history/prtg-23#23.3.86.1520
- https://www.paessler.com/prtg/history/stable
- https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520
- https://www.paessler.com/prtg/history/prtg-23#23.3.86.1520
- https://www.paessler.com/prtg/history/stable
Products affected by CVE-2023-31452
-
cpe:2.3:a:paessler:prtg_network_monitor:-
-
cpe:2.3:a:paessler:prtg_network_monitor:12.2.1
-
cpe:2.3:a:paessler:prtg_network_monitor:12.2.2
-
cpe:2.3:a:paessler:prtg_network_monitor:12.3.1
-
cpe:2.3:a:paessler:prtg_network_monitor:12.3.3
-
cpe:2.3:a:paessler:prtg_network_monitor:12.3.4
-
cpe:2.3:a:paessler:prtg_network_monitor:12.4.4
-
cpe:2.3:a:paessler:prtg_network_monitor:12.4.5
-
cpe:2.3:a:paessler:prtg_network_monitor:12.4.6
-
cpe:2.3:a:paessler:prtg_network_monitor:12.4.7
-
cpe:2.3:a:paessler:prtg_network_monitor:13.1.1
-
cpe:2.3:a:paessler:prtg_network_monitor:13.2.3
-
cpe:2.3:a:paessler:prtg_network_monitor:13.3.4
-
cpe:2.3:a:paessler:prtg_network_monitor:13.3.5
-
cpe:2.3:a:paessler:prtg_network_monitor:13.3.6
-
cpe:2.3:a:paessler:prtg_network_monitor:13.4.6
-
cpe:2.3:a:paessler:prtg_network_monitor:13.4.7
-
cpe:2.3:a:paessler:prtg_network_monitor:14.1.8
-
cpe:2.3:a:paessler:prtg_network_monitor:14.1.9
-
cpe:2.3:a:paessler:prtg_network_monitor:14.2.9
-
cpe:2.3:a:paessler:prtg_network_monitor:14.3.10
-
cpe:2.3:a:paessler:prtg_network_monitor:14.3.11
-
cpe:2.3:a:paessler:prtg_network_monitor:14.4.12
-
cpe:2.3:a:paessler:prtg_network_monitor:14.4.12.3282
-
cpe:2.3:a:paessler:prtg_network_monitor:14.4.13
-
cpe:2.3:a:paessler:prtg_network_monitor:15.1.13
-
cpe:2.3:a:paessler:prtg_network_monitor:15.1.15
-
cpe:2.3:a:paessler:prtg_network_monitor:15.2.16
-
cpe:2.3:a:paessler:prtg_network_monitor:15.2.17
-
cpe:2.3:a:paessler:prtg_network_monitor:15.3.18
-
cpe:2.3:a:paessler:prtg_network_monitor:15.3.19
-
cpe:2.3:a:paessler:prtg_network_monitor:15.4.20
-
cpe:2.3:a:paessler:prtg_network_monitor:15.4.21
-
cpe:2.3:a:paessler:prtg_network_monitor:16.1.22
-
cpe:2.3:a:paessler:prtg_network_monitor:16.1.22.2011
-
cpe:2.3:a:paessler:prtg_network_monitor:16.1.22.2012
-
cpe:2.3:a:paessler:prtg_network_monitor:16.1.22.2251
-
cpe:2.3:a:paessler:prtg_network_monitor:16.1.22.2252
-
cpe:2.3:a:paessler:prtg_network_monitor:16.1.22.2391
-
cpe:2.3:a:paessler:prtg_network_monitor:16.1.22.2392
-
cpe:2.3:a:paessler:prtg_network_monitor:16.1.22.2565
-
cpe:2.3:a:paessler:prtg_network_monitor:16.1.22.2566
-
cpe:2.3:a:paessler:prtg_network_monitor:16.1.22.2657
-
cpe:2.3:a:paessler:prtg_network_monitor:16.1.22.2658
-
cpe:2.3:a:paessler:prtg_network_monitor:16.2.23
-
cpe:2.3:a:paessler:prtg_network_monitor:16.2.23.3077
-
cpe:2.3:a:paessler:prtg_network_monitor:16.2.23.3078
-
cpe:2.3:a:paessler:prtg_network_monitor:16.2.23.3171
-
cpe:2.3:a:paessler:prtg_network_monitor:16.2.23.3172
-
cpe:2.3:a:paessler:prtg_network_monitor:16.2.23.3233
-
cpe:2.3:a:paessler:prtg_network_monitor:16.2.23.3234
-
cpe:2.3:a:paessler:prtg_network_monitor:16.2.23.3269
-
cpe:2.3:a:paessler:prtg_network_monitor:16.2.23.3270
-
cpe:2.3:a:paessler:prtg_network_monitor:16.2.24
-
cpe:2.3:a:paessler:prtg_network_monitor:16.2.24.3685
-
cpe:2.3:a:paessler:prtg_network_monitor:16.2.24.3686
-
cpe:2.3:a:paessler:prtg_network_monitor:16.2.24.3791
-
cpe:2.3:a:paessler:prtg_network_monitor:16.2.24.3792
-
cpe:2.3:a:paessler:prtg_network_monitor:16.2.24.4045
-
cpe:2.3:a:paessler:prtg_network_monitor:16.2.24.4046
-
cpe:2.3:a:paessler:prtg_network_monitor:16.2.24.4273
-
cpe:2.3:a:paessler:prtg_network_monitor:16.2.24.4274
-
cpe:2.3:a:paessler:prtg_network_monitor:16.2.24.4469
-
cpe:2.3:a:paessler:prtg_network_monitor:16.2.24.4470
-
cpe:2.3:a:paessler:prtg_network_monitor:16.2.24.4665
-
cpe:2.3:a:paessler:prtg_network_monitor:16.2.24.4666
-
cpe:2.3:a:paessler:prtg_network_monitor:16.3.24.4979
-
cpe:2.3:a:paessler:prtg_network_monitor:16.3.24.4980
-
cpe:2.3:a:paessler:prtg_network_monitor:16.3.24.5302
-
cpe:2.3:a:paessler:prtg_network_monitor:16.3.24.5303
-
cpe:2.3:a:paessler:prtg_network_monitor:16.3.25
-
cpe:2.3:a:paessler:prtg_network_monitor:16.3.25.5488
-
cpe:2.3:a:paessler:prtg_network_monitor:16.3.25.5489
-
cpe:2.3:a:paessler:prtg_network_monitor:16.3.25.5766
-
cpe:2.3:a:paessler:prtg_network_monitor:16.3.25.5767
-
cpe:2.3:a:paessler:prtg_network_monitor:16.3.25.6072
-
cpe:2.3:a:paessler:prtg_network_monitor:16.3.25.6073
-
cpe:2.3:a:paessler:prtg_network_monitor:16.3.25.6123
-
cpe:2.3:a:paessler:prtg_network_monitor:16.3.25.6124
-
cpe:2.3:a:paessler:prtg_network_monitor:16.3.26
-
cpe:2.3:a:paessler:prtg_network_monitor:16.3.26.6384
-
cpe:2.3:a:paessler:prtg_network_monitor:16.3.26.6385
-
cpe:2.3:a:paessler:prtg_network_monitor:16.4.27
-
cpe:2.3:a:paessler:prtg_network_monitor:16.4.27.6719
-
cpe:2.3:a:paessler:prtg_network_monitor:16.4.27.6720
-
cpe:2.3:a:paessler:prtg_network_monitor:16.4.27.6845
-
cpe:2.3:a:paessler:prtg_network_monitor:16.4.27.6846
-
cpe:2.3:a:paessler:prtg_network_monitor:16.4.27.6984
-
cpe:2.3:a:paessler:prtg_network_monitor:16.4.27.6985
-
cpe:2.3:a:paessler:prtg_network_monitor:16.4.27.7140
-
cpe:2.3:a:paessler:prtg_network_monitor:16.4.27.7141
-
cpe:2.3:a:paessler:prtg_network_monitor:16.4.28
-
cpe:2.3:a:paessler:prtg_network_monitor:16.4.28.7279
-
cpe:2.3:a:paessler:prtg_network_monitor:16.4.28.7339
-
cpe:2.3:a:paessler:prtg_network_monitor:16.4.28.7352
-
cpe:2.3:a:paessler:prtg_network_monitor:16.4.28.7403
-
cpe:2.3:a:paessler:prtg_network_monitor:16.4.28.7421
-
cpe:2.3:a:paessler:prtg_network_monitor:17.1.28
-
cpe:2.3:a:paessler:prtg_network_monitor:17.1.28.1032
-
cpe:2.3:a:paessler:prtg_network_monitor:17.1.28.1341
-
cpe:2.3:a:paessler:prtg_network_monitor:17.1.29
-
cpe:2.3:a:paessler:prtg_network_monitor:17.1.29.1427
-
cpe:2.3:a:paessler:prtg_network_monitor:17.1.29.1531
-
cpe:2.3:a:paessler:prtg_network_monitor:17.1.30
-
cpe:2.3:a:paessler:prtg_network_monitor:17.1.30.1618
-
cpe:2.3:a:paessler:prtg_network_monitor:17.1.30.1681
-
cpe:2.3:a:paessler:prtg_network_monitor:17.1.30.1719
-
cpe:2.3:a:paessler:prtg_network_monitor:17.2.30.1767
-
cpe:2.3:a:paessler:prtg_network_monitor:17.2.30.1825
-
cpe:2.3:a:paessler:prtg_network_monitor:17.2.30.1883
-
cpe:2.3:a:paessler:prtg_network_monitor:17.2.31
-
cpe:2.3:a:paessler:prtg_network_monitor:17.2.31.1917
-
cpe:2.3:a:paessler:prtg_network_monitor:17.2.31.1977
-
cpe:2.3:a:paessler:prtg_network_monitor:17.2.31.2018
-
cpe:2.3:a:paessler:prtg_network_monitor:17.2.31.2153
-
cpe:2.3:a:paessler:prtg_network_monitor:17.2.32
-
cpe:2.3:a:paessler:prtg_network_monitor:17.2.32.2206
-
cpe:2.3:a:paessler:prtg_network_monitor:17.2.32.2279
-
cpe:2.3:a:paessler:prtg_network_monitor:17.3.32.2309
-
cpe:2.3:a:paessler:prtg_network_monitor:17.3.32.2339
-
cpe:2.3:a:paessler:prtg_network_monitor:17.3.32.2478
-
cpe:2.3:a:paessler:prtg_network_monitor:17.3.33
-
cpe:2.3:a:paessler:prtg_network_monitor:17.3.33.2686
-
cpe:2.3:a:paessler:prtg_network_monitor:17.3.33.2753
-
cpe:2.3:a:paessler:prtg_network_monitor:17.3.33.2830
-
cpe:2.3:a:paessler:prtg_network_monitor:17.4.33.3251
-
cpe:2.3:a:paessler:prtg_network_monitor:17.4.33.3283
-
cpe:2.3:a:paessler:prtg_network_monitor:17.4.35
-
cpe:2.3:a:paessler:prtg_network_monitor:17.4.35.3441
-
cpe:2.3:a:paessler:prtg_network_monitor:17.4.36
-
cpe:2.3:a:paessler:prtg_network_monitor:17.4.36.3595
-
cpe:2.3:a:paessler:prtg_network_monitor:17.4.36.3670
-
cpe:2.3:a:paessler:prtg_network_monitor:18.1.36
-
cpe:2.3:a:paessler:prtg_network_monitor:18.1.36.3728
-
cpe:2.3:a:paessler:prtg_network_monitor:18.1.36.3733
-
cpe:2.3:a:paessler:prtg_network_monitor:18.1.37
-
cpe:2.3:a:paessler:prtg_network_monitor:18.1.37.12158
-
cpe:2.3:a:paessler:prtg_network_monitor:18.1.37.13946
-
cpe:2.3:a:paessler:prtg_network_monitor:18.1.38
-
cpe:2.3:a:paessler:prtg_network_monitor:18.1.38.11934
-
cpe:2.3:a:paessler:prtg_network_monitor:18.1.38.11958
-
cpe:2.3:a:paessler:prtg_network_monitor:18.2.39
-
cpe:2.3:a:paessler:prtg_network_monitor:18.2.39.1661
-
cpe:2.3:a:paessler:prtg_network_monitor:18.2.40
-
cpe:2.3:a:paessler:prtg_network_monitor:18.2.40.1683
-
cpe:2.3:a:paessler:prtg_network_monitor:18.2.41
-
cpe:2.3:a:paessler:prtg_network_monitor:18.2.41.1652
-
cpe:2.3:a:paessler:prtg_network_monitor:18.3.42
-
cpe:2.3:a:paessler:prtg_network_monitor:18.3.42.1727
-
cpe:2.3:a:paessler:prtg_network_monitor:18.3.42.1748
-
cpe:2.3:a:paessler:prtg_network_monitor:18.3.43
-
cpe:2.3:a:paessler:prtg_network_monitor:18.3.43.2317
-
cpe:2.3:a:paessler:prtg_network_monitor:18.3.43.2323
-
cpe:2.3:a:paessler:prtg_network_monitor:18.3.44
-
cpe:2.3:a:paessler:prtg_network_monitor:18.3.44.2054
-
cpe:2.3:a:paessler:prtg_network_monitor:18.3.44.2059
-
cpe:2.3:a:paessler:prtg_network_monitor:18.4.45
-
cpe:2.3:a:paessler:prtg_network_monitor:18.4.45.1889
-
cpe:2.3:a:paessler:prtg_network_monitor:18.4.45.1898
-
cpe:2.3:a:paessler:prtg_network_monitor:18.4.46
-
cpe:2.3:a:paessler:prtg_network_monitor:18.4.46.1706
-
cpe:2.3:a:paessler:prtg_network_monitor:18.4.46.1736
-
cpe:2.3:a:paessler:prtg_network_monitor:18.4.46.1754
-
cpe:2.3:a:paessler:prtg_network_monitor:18.4.47
-
cpe:2.3:a:paessler:prtg_network_monitor:18.4.47.1962
-
cpe:2.3:a:paessler:prtg_network_monitor:19.1.48.2868
-
cpe:2.3:a:paessler:prtg_network_monitor:19.1.48.2876
-
cpe:2.3:a:paessler:prtg_network_monitor:19.1.48.2891
-
cpe:2.3:a:paessler:prtg_network_monitor:19.1.48.2929
-
cpe:2.3:a:paessler:prtg_network_monitor:19.1.49
-
cpe:2.3:a:paessler:prtg_network_monitor:19.1.49.1916
-
cpe:2.3:a:paessler:prtg_network_monitor:19.1.49.1966
-
cpe:2.3:a:paessler:prtg_network_monitor:19.2.49.2001
-
cpe:2.3:a:paessler:prtg_network_monitor:19.2.49.2004
-
cpe:2.3:a:paessler:prtg_network_monitor:19.2.49.2018
-
cpe:2.3:a:paessler:prtg_network_monitor:19.2.50
-
cpe:2.3:a:paessler:prtg_network_monitor:19.2.50.2842
-
cpe:2.3:a:paessler:prtg_network_monitor:19.3.51
-
cpe:2.3:a:paessler:prtg_network_monitor:19.3.51.2725
-
cpe:2.3:a:paessler:prtg_network_monitor:19.3.51.2830
-
cpe:2.3:a:paessler:prtg_network_monitor:19.3.52
-
cpe:2.3:a:paessler:prtg_network_monitor:19.3.52.3502
-
cpe:2.3:a:paessler:prtg_network_monitor:19.4.52.3515
-
cpe:2.3:a:paessler:prtg_network_monitor:19.4.53
-
cpe:2.3:a:paessler:prtg_network_monitor:19.4.53.1912
-
cpe:2.3:a:paessler:prtg_network_monitor:19.4.54
-
cpe:2.3:a:paessler:prtg_network_monitor:19.4.54.1506
-
cpe:2.3:a:paessler:prtg_network_monitor:20.1.55
-
cpe:2.3:a:paessler:prtg_network_monitor:20.1.55.1775
-
cpe:2.3:a:paessler:prtg_network_monitor:20.1.56
-
cpe:2.3:a:paessler:prtg_network_monitor:20.1.56.1547
-
cpe:2.3:a:paessler:prtg_network_monitor:20.1.56.1574
-
cpe:2.3:a:paessler:prtg_network_monitor:20.1.57
-
cpe:2.3:a:paessler:prtg_network_monitor:20.1.57.1745
-
cpe:2.3:a:paessler:prtg_network_monitor:20.1.57.1786
-
cpe:2.3:a:paessler:prtg_network_monitor:20.2.58
-
cpe:2.3:a:paessler:prtg_network_monitor:20.2.58.1629
-
cpe:2.3:a:paessler:prtg_network_monitor:20.2.59
-
cpe:2.3:a:paessler:prtg_network_monitor:20.2.59.1689
-
cpe:2.3:a:paessler:prtg_network_monitor:20.3.60
-
cpe:2.3:a:paessler:prtg_network_monitor:20.3.60.1623
-
cpe:2.3:a:paessler:prtg_network_monitor:20.3.61
-
cpe:2.3:a:paessler:prtg_network_monitor:20.3.61.1649
-
cpe:2.3:a:paessler:prtg_network_monitor:20.3.62
-
cpe:2.3:a:paessler:prtg_network_monitor:20.3.62.1397
-
cpe:2.3:a:paessler:prtg_network_monitor:20.4.63
-
cpe:2.3:a:paessler:prtg_network_monitor:20.4.63.1412
-
cpe:2.3:a:paessler:prtg_network_monitor:20.4.63.1427
-
cpe:2.3:a:paessler:prtg_network_monitor:20.4.64
-
cpe:2.3:a:paessler:prtg_network_monitor:20.4.64.1402
-
cpe:2.3:a:paessler:prtg_network_monitor:21.1.65
-
cpe:2.3:a:paessler:prtg_network_monitor:21.1.65.1767
-
cpe:2.3:a:paessler:prtg_network_monitor:21.1.66
-
cpe:2.3:a:paessler:prtg_network_monitor:21.1.66.1623
-
cpe:2.3:a:paessler:prtg_network_monitor:21.1.66.1664
-
cpe:2.3:a:paessler:prtg_network_monitor:21.2.67
-
cpe:2.3:a:paessler:prtg_network_monitor:21.2.67.1562
-
cpe:2.3:a:paessler:prtg_network_monitor:21.2.68
-
cpe:2.3:a:paessler:prtg_network_monitor:21.2.68.1492
-
cpe:2.3:a:paessler:prtg_network_monitor:21.3.69.1333
-
cpe:2.3:a:paessler:prtg_network_monitor:21.3.70.1629
-
cpe:2.3:a:paessler:prtg_network_monitor:21.3.71.1416
-
cpe:2.3:a:paessler:prtg_network_monitor:21.4.72.1649
-
cpe:2.3:a:paessler:prtg_network_monitor:21.4.73.1656
-
cpe:2.3:a:paessler:prtg_network_monitor:22.1.74.1869
-
cpe:2.3:a:paessler:prtg_network_monitor:22.1.75.1569
-
cpe:2.3:a:paessler:prtg_network_monitor:22.1.75.1588
-
cpe:2.3:a:paessler:prtg_network_monitor:22.1.75.1594
-
cpe:2.3:a:paessler:prtg_network_monitor:22.2.76.1705
-
cpe:2.3:a:paessler:prtg_network_monitor:22.2.77.2204
-
cpe:2.3:a:paessler:prtg_network_monitor:22.3.78.1873
-
cpe:2.3:a:paessler:prtg_network_monitor:22.3.79.2108
-
cpe:2.3:a:paessler:prtg_network_monitor:7.1.3.3378