CVE-2020-11547

Name of the Vulnerable Software and Affected Versions PRTG Network Monitor versions prior to 20.1.57.1745

Description The issue allows remote unauthenticated attackers to obtain sensitive information about the server, including CPU usage, memory, Windows version, and internal statistics, by sending an HTTP request. This can be achieved by accessing specific pages, such as login.htm or index.htm, with a type=probes parameter.

Recommendations For versions prior to 20.1.57.1745, update to version 20.1.57.1745 or later to resolve the issue. As a temporary workaround, consider restricting access to the login.htm and index.htm pages to minimize the risk of exploitation. Avoid using the type=probes parameter in HTTP requests to these pages until the issue is resolved.