- Description
- PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local File Inclusion attack, by including /api/addusers and executing it. By providing the 'id' and 'users' parameters, an unauthenticated attacker can create a user with read-write privileges (including administrator).
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Data from CISA
- Vulnerability name
- Paessler PRTG Network Monitor Local File Inclusion Vulnerability
- Exploit added on
- Feb 4, 2025
- Exploit action due
- Feb 25, 2025
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
#CISA added four #security flaws (CVE-2024-45195, CVE-2024-29059, CVE-2018-9276, CVE-2018-19410) to its KEV) catalogue. #Cybersecurity #infosec https://t.co/zaPMURFpJE https://t.co/BE5HDzKk6O
@twelvesec
7 Feb 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA añade cuatro vulnerabilidades explotadas activamente al catálogo de KEV. La lista de vulnerabilidades es la siguiente: CVE-2024-45195 (CVSS: 7,5/9,8), CVE-2024-29059 (CVSS: 7,5), CVE-2018-9276 (CVSS: 7,2) y CVE-2018-19410 (CVSS: 9,8). #cybersecurity https://t.co/auOVJDqTtm
@EHCGroup
5 Feb 2025
56 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A5C56129-1786-42D8-A174-714602A8E714",
"versionEndExcluding": "18.2.40.1683"
}
],
"operator": "OR"
}
]
}
]