CVE-2020-10374

moderate-risk
Published 2020-03-30

A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution via a crafted POST request or the what parameter of the screenshot function in the Contact Support form.

Do I need to act?

~
4.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Paessler

References (6)

Mitigation https://kb.paessler.com/en/topic/87668-how-can-i-mitigate-cve-2020-10374-until-i...
https://tehtris.com/en/rce-on-prtg-network-monitor-tehtris-pentest/
Vendor Advisory https://www.paessler.com/prtg/history/stable#20.1.57.1745
Mitigation https://kb.paessler.com/en/topic/87668-how-can-i-mitigate-cve-2020-10374-until-i...
https://tehtris.com/en/rce-on-prtg-network-monitor-tehtris-pentest/
Vendor Advisory https://www.paessler.com/prtg/history/stable#20.1.57.1745
45
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 8/34 · Low
Exposure 5/34 · Minimal