← Retour aux CVEs

CVE-2023-31452

HIGH

8.8

Description

A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. This could force PRTG to execute different actions, such as creating new users. The severity of this vulnerability is high and received a score of 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details CVE

Score CVSS v3.18.8

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurREQUIRED

Publie8/9/2023

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

paessler:prtg_network_monitor

Faiblesses (CWE)

CWE-352

References

https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520(cve@mitre.org)

https://www.paessler.com/prtg/history/prtg-23#23.3.86.1520(cve@mitre.org)

https://www.paessler.com/prtg/history/stable(cve@mitre.org)

https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520(af854a3a-2127-422b-91ae-364da2661108)

https://www.paessler.com/prtg/history/prtg-23#23.3.86.1520(af854a3a-2127-422b-91ae-364da2661108)

https://www.paessler.com/prtg/history/stable(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.