PT-2020-9165 · Paessler · Prtg Network Monitor

Javier Jimenez · Published 2020-03-17 · Updated 2021-06-29 · CVE-2019-11074

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

PRTG Network Monitor versions 19.1.49 and below

Description

A Write to Arbitrary Location in Disk issue exists due to insufficient sanitisation when passing arguments to the phantomjs.exe binary, allowing attackers to place files in arbitrary locations with SYSTEM privileges. Remote authenticated administrators can exploit this by creating a new HTTP Full Web Page Sensor and setting specific settings when executing the sensor.

Recommendations

For versions 19.1.49 and below, update to a version above 19.1.49 to resolve the issue. As a temporary workaround, consider restricting access to the phantomjs.exe binary and the HTTP Full Web Page Sensor to minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2019-11074

Affected Products

Prtg Network Monitor