PT-2020-9164 · Paessler · Prtg Network Monitor

Javier Jimenez · Published 2020-03-16 · Updated 2020-08-24 · CVE-2019-11073

CVSS v2.0: 9.0 High
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

PRTG Network Monitor versions prior to 19.4.54.1506

Description

A Remote Code Execution issue exists due to insufficient sanitization when passing arguments to the HttpTransactionSensor.exe binary. This allows attackers to execute code. To exploit the issue, remote authenticated administrators need to create a new HTTP Transaction Sensor and set specific settings when the sensor is executed.

Recommendations

For versions prior to 19.4.54.1506, update to version 19.4.54.1506 or later to resolve the issue. As a temporary workaround, consider restricting access to the HttpTransactionSensor.exe binary until a patch is applied. Additionally, limit the creation of new HTTP Transaction Sensors to minimize the risk of exploitation.

Exploit

Fix

RCE

Special Elements Injection

Weakness Enumeration

Related Identifiers

CVE-2019-11073

Affected Products

Prtg Network Monitor