CVE-2023-31448

Name of the Vulnerable Software and Affected Versions PRTG versions 23.2.84.1566 and earlier

Description A path traversal vulnerability was identified in the HL7 sensor where an authenticated user with write permissions could trick the sensor into behaving differently for existing files and non-existing files, allowing the sensor to execute files outside the designated custom sensors folder.

Recommendations For versions 23.2.84.1566 and earlier, consider disabling the HL7 sensor until a patch is available to prevent path traversal exploitation. Restrict access to the HL7 message input parameter to minimize the risk of arbitrary file choice from the system.