CVE-2023-32782

Name of the Vulnerable Software and Affected Versions PRTG versions 23.2.84.1566 and earlier

Description A command injection issue was identified in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. This issue allows an attacker to utilize the DICOM sensor to write arbitrary data to the disk, which can be used to write a custom EXE sensor, resulting in remote code execution.

Recommendations For PRTG versions 23.2.84.1566 and earlier, consider disabling the debug option in the Dicom C-ECHO sensor to prevent abuse. Additionally, restrict access to the EXE/Script sensor to minimize the risk of exploitation. Avoid using the undocumented debug feature flag until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.