CVE-2018-9276

Published Jul 2, 2018

Last updated 19 days ago

Exploit known CVSS high 7.2

Overview

Description: An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.2
Impact score: 5.9
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 9
Impact score: 10
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:C/I:C/A:C

Known exploits

Data from CISA

Vulnerability name: Paessler PRTG Network Monitor OS Command Injection Vulnerability
Exploit added on: Feb 4, 2025
Exploit action due: Feb 25, 2025
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov: CWE-78
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-78

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D15F25A6-249B-4B7A-8D1B-0C1CE5726502",
            "versionEndExcluding": "18.2.39"
          },
          {
            "criteria": "cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "642F8BB6-42C2-42C3-B925-919BFDECF03C",
            "versionEndExcluding": "21.2.68",
            "versionStartExcluding": "19.3.52"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Known exploits

Weaknesses

Social media

Configurations

References