← Volver a CVEs
CVE-2018-9276
HIGHCISA KEV7.2
Descripcion
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.
Detalles CVE
Puntuacion CVSS v3.17.2
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioNONE
Publicado7/2/2018
Ultima modificacion11/6/2025
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorPaessler
ProductoPRTG Network Monitor
Nombre vulnerabilidadPaessler PRTG Network Monitor OS Command Injection Vulnerability
Fecha inclusion KEV2025-02-04
Fecha limite remediacion2025-02-25
Uso en ransomwareUnknown
Productos afectados
paessler:prtg_network_monitor
Debilidades (CWE)
CWE-78CWE-78
Referencias
http://packetstormsecurity.com/files/161183/PRTG-Network-Monitor-Remote-Code-Execution.html(cve@mitre.org)
http://www.securityfocus.com/archive/1/542103/100/0/threaded(cve@mitre.org)
https://www.exploit-db.com/exploits/46527/(cve@mitre.org)
http://packetstormsecurity.com/files/148334/PRTG-Command-Injection.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/161183/PRTG-Network-Monitor-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/542103/100/0/threaded(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/46527/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-9276(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.