Dmitry Galecha

**Name of the Vulnerable Software and Affected Versions** PRTG Network Monitor versions prior to 18.2.41.1652 **Description** The issue allows remote unauthenticated attackers to terminate the PRTG Core Server Service via a special HTTP request. **Recommendations** For versions prior to 18.2.41.1652, update to version 18.2.41.1652 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PRTG Network Monitor versions prior to 18.3.44.2054 PRTG Network Monitor versions prior to 19.4.54.1506 **Description** The issue allows a remote authenticated attacker with read-write privileges to execute arbitrary code and OS commands with system privileges. This is due to the mishandling of user input in the `proxyport ` parameter when creating an HTTP Advanced Sensor. An attacker can craft an HTTP request to override the `writeresult` command-line parameter for HttpAdvancedSensor.exe, allowing them to store arbitrary data in any location on the file system. For instance, an attacker can create an executable file in the Custom SensorsEXE directory and execute it by creating an EXE/Script Sensor. **Recommendations** For versions prior to 18.3.44.2054, update to version 18.3.44.2054 or later to resolve the issue. For versions prior to 19.4.54.1506, update to version 19.4.54.1506 or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTP Advanced Sensor and EXE/Script Sensor features until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** PRTG Network Monitor versions prior to 18.2.40.1683 **Description** The issue is related to insecure privilege management in PRTG Network Monitor, allowing remote unauthenticated attackers to create users with read-write privileges, including administrators. This can be achieved by crafting an HTTP request to override attributes of the 'include' directive in /public/login.htm, performing a Local File Inclusion attack by including and executing /api/addusers. The attack involves providing the `id` and `users` parameters. **Recommendations** For versions prior to 18.2.40.1683, update to version 18.2.40.1683 or later to resolve the issue. As a temporary workaround, consider restricting access to the /public/login.htm and /api/addusers endpoints to minimize the risk of exploitation. Additionally, restrict the use of the `id` and `users` parameters in the affected API endpoint until the issue is resolved.