CVE-2023-31452
moderate-risk
Published 2023-08-09
A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. This could force PRTG to execute different actions, such as creating new users. The severity of this vulnerability is high and received a score of 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Do I need to act?
-
0.64% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (6)
Release Notes
https://www.paessler.com/prtg/history/stable
Release Notes
https://www.paessler.com/prtg/history/stable
37
/ 100
moderate-risk
Severity
30/34 · Critical
Exploitability
2/34 · Minimal
Exposure
5/34 · Minimal