CVE-2023-32781
Published: 2023-08-09
Priority: P3 56 | Severity: high | CVSS 3.1 score: 7.2
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 12.34% (95.7th percentile)
A command injection vulnerability was identified in the HL7 sensor of PRTG 23.2.84.1566 and earlier versions. An authenticated user with write permissions could abuse the sensor's debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high, with a CVSS 3.1 score of 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paessler | prtg_network_monitor | < 23.3.86.1520 | 23.3.86.1520 |
Detection & IOCs (extracted from sources)
URL: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb
- Monitor for abuse of the PRTG HL7 sensor debug option by authenticated users with write permissions, specifically new file creation that may be subsequently executed by the EXE/Script sensor.
- A public Metasploit module exists for this CVE targeting Windows HTTP PRTG instances; monitor for exploitation attempts matching the module's request patterns against PRTG web interfaces.
- Exploitation requires an authenticated session with write permissions; unauthenticated or read-only accounts cannot trigger this vulnerability.
References
- http://packetstormsecurity.com/files/176677/PRTG-Authenticated-Remote-Code-Execution.html
- https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520
- https://www.paessler.com/prtg/history/stable