CVE-2023-31449

Name of the Vulnerable Software and Affected Versions PRTG versions 23.2.84.1566 and earlier

Description A path traversal vulnerability was identified in the WMI Custom sensor where an authenticated user with write permissions could trick the sensor into behaving differently for existing files and non-existing files, allowing the sensor to execute files outside the designated custom sensors folder. The vulnerability can be exploited by creating a WMI Custom Sensor and setting the WQL message, which contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system.

Recommendations For versions 23.2.84.1566 and earlier, consider disabling the WMI Custom sensor until a patch is available to prevent exploitation of the path traversal vulnerability. Restrict access to the WQL message input parameter to minimize the risk of attackers choosing arbitrary files from the system. At the moment, there is no information about a newer version that contains a fix for this vulnerability.