← Voltar para CVEs
CVE-2018-9276
HIGHCISA KEV7.2
Descricao
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.
Detalhes CVE
Pontuacao CVSS v3.17.2
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosHIGH
Interacao do usuarioNONE
Publicado7/2/2018
Ultima modificacao11/6/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorPaessler
ProdutoPRTG Network Monitor
Nome da vulnerabilidadePaessler PRTG Network Monitor OS Command Injection Vulnerability
Data inclusao KEV2025-02-04
Prazo de remediacao2025-02-25
Uso em ransomwareUnknown
Produtos afetados
paessler:prtg_network_monitor
Fraquezas (CWE)
CWE-78CWE-78
Referencias
http://packetstormsecurity.com/files/161183/PRTG-Network-Monitor-Remote-Code-Execution.html(cve@mitre.org)
http://www.securityfocus.com/archive/1/542103/100/0/threaded(cve@mitre.org)
https://www.exploit-db.com/exploits/46527/(cve@mitre.org)
http://packetstormsecurity.com/files/148334/PRTG-Command-Injection.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/161183/PRTG-Network-Monitor-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/542103/100/0/threaded(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/46527/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-9276(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.