CVE-2018-9276

high-risk
Published 2018-07-02

An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.

Do I need to act?

!
84.8% chance of exploitation in next 30 days
EPSS score — higher than 15% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
!
1 public exploit available
46527
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.2/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Paessler

References (9)

Exploit http://packetstormsecurity.com/files/148334/PRTG-Command-Injection.html
Exploit http://packetstormsecurity.com/files/161183/PRTG-Network-Monitor-Remote-Code-Exe...
Broken Link http://www.securityfocus.com/archive/1/542103/100/0/threaded
Exploit https://www.exploit-db.com/exploits/46527/
Exploit http://packetstormsecurity.com/files/148334/PRTG-Command-Injection.html
Exploit http://packetstormsecurity.com/files/161183/PRTG-Network-Monitor-Remote-Code-Exe...
Broken Link http://www.securityfocus.com/archive/1/542103/100/0/threaded
Exploit https://www.exploit-db.com/exploits/46527/
US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-...
58
/ 100
high-risk
Severity 26/34 · High
Exploitability 27/34 · High
Exposure 5/34 · Minimal