← Back to CVEs
CVE-2023-31448
MEDIUM4.7
Description
A path traversal vulnerability was identified in the HL7 sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the HL7 sensor into behaving differently for existing files and non-existing files. This made it possible to traverse paths, allowing the sensor to execute files outside the designated custom sensors folder. The severity of this vulnerability is medium and received a score of 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
CVE Details
CVSS v3.1 Score4.7
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredHIGH
User InteractionNONE
Published8/9/2023
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
paessler:prtg_network_monitor
Weaknesses (CWE)
CWE-22
References
https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520(cve@mitre.org)
https://www.paessler.com/prtg/history/stable(cve@mitre.org)
https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520(af854a3a-2127-422b-91ae-364da2661108)
https://www.paessler.com/prtg/history/stable(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.