PT-2020-12045 · Paessler · Prtg Network Monitor

Maike Guba

Published

2020-03-30

Updated

2020-06-25

CVE-2020-10374

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Paessler PRTG Network Monitor versions 19.2.50 through 20.1.56

Description The issue allows unauthenticated remote command execution via a crafted POST request or the what parameter of the screenshot function in the Contact Support form.

Recommendations For Paessler PRTG Network Monitor versions 19.2.50 through 20.1.56, consider disabling the Contact Support form or restricting access to the screenshot function until a patch is available. Avoid using the what parameter in the affected form to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2020-10374

Affected Products

Prtg Network Monitor

PT-2020-12045 · Paessler · Prtg Network Monitor

CVE-2020-10374

Weakness Enumeration

Related Identifiers

Affected Products

References · 6