Paessler: >> Prtg Network Monitor >> 12.4.6 Security Vulnerabilities
CVE-2018-9276
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.
Known exploited
CVSS Score
7.2
EPSS Score
0.809
Published
2018-07-02
Paessler PRTG Network Monitor before 18.1.39.1648 mishandles stack memory during unspecified API calls.
CVSS Score
7.5
EPSS Score
0.102
Published
2018-04-21
Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENSORS functionality in Paessler PRTG Network Monitor before 17.3.33.2654 allows authenticated remote attackers to inject arbitrary web script or HTML.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-08-24
Cross-site scripting (XSS) vulnerability in Paessler PRTG Network Monitor before 17.2.32.2279 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-08-18
Paessler PRTG before 16.2.24.4045 has XSS via SNMP.
CVSS Score
6.1
EPSS Score
0.002
Published
2017-04-10
XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file.
CVSS Score
6.5
EPSS Score
0.003
Published
2017-01-23
Page 3