Paessler: >> Prtg Network Monitor >> 17.3.33.2830 Security Vulnerabilities
CVE-2018-9276
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.
Known exploited
CVSS Score
7.2
EPSS Score
0.838
Published
2018-07-02
Paessler PRTG Network Monitor before 18.1.39.1648 mishandles stack memory during unspecified API calls.
CVSS Score
7.5
EPSS Score
0.102
Published
2018-04-21
In Paessler PRTG Network Monitor 17.3.33.2830, it's possible to create a Map as a read-only user, by forging a request and sending it to the server.
CVSS Score
6.5
EPSS Score
0.002
Published
2017-10-26
PRTG Network Monitor 17.3.33.2830 allows remote authenticated administrators to execute arbitrary code by uploading a .exe file and then proceeding in spite of the error message.
CVSS Score
6.7
EPSS Score
0.006
Published
2017-10-20
PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all group names created, related to incorrect error handling for an HTML encoded script.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-10-15
PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all sensor titles, related to incorrect error handling for a %00 in the SRC attribute of an IMG element.
CVSS Score
4.8
EPSS Score
0.002
Published
2017-10-04
PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected Cross-Site Scripting on error.htm (the error page), via the errormsg parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-10-04
Page 3