Sign-up

ID

VAR-201807-1874


CVE

CVE-2018-9276


TITLE

PRTG Network Monitor In OS Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-007924

DESCRIPTION

An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios. PRTG Network Monitor Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.71

sources: NVD: CVE-2018-9276 // JVNDB: JVNDB-2018-007924 // VULMON: CVE-2018-9276

IOT TAXONOMY

category:['network device']sub_category:network device

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:paesslermodel:prtg network monitorscope:ltversion:18.2.39

Trust: 1.8

vendor:paesslermodel:prtg network monitorscope:gtversion:19.3.52

Trust: 1.0

vendor:paesslermodel:prtg network monitorscope:ltversion:21.2.68

Trust: 1.0

sources: JVNDB: JVNDB-2018-007924 // NVD: CVE-2018-9276

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-9276
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2018-9276
value: HIGH

Trust: 1.0

NVD: CVE-2018-9276
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201807-062
value: HIGH

Trust: 0.6

VULMON: CVE-2018-9276
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-9276
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2018-9276
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2018-9276
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2018-9276 // JVNDB: JVNDB-2018-007924 // CNNVD: CNNVD-201807-062 // NVD: CVE-2018-9276 // NVD: CVE-2018-9276

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2018-007924 // NVD: CVE-2018-9276

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-062

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201807-062

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-007924

EXPLOIT AVAILABILITY
sources:
            
            
            VULMON: CVE-2018-9276

PATCH
title:April 2018 - Version 18.2.39url:https://www.paessler.com/prtg/history/stable#18.2.39
Trust: 0.8
title:Paessler PRTG Network Monitor Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81668
Trust: 0.6
title:CVE-2018-9276url:https://github.com/wildkindcc/CVE-2018-9276 
Trust: 0.1
title:CVE-2018-9276url:https://github.com/A1vinSmith/CVE-2018-9276 
Trust: 0.1
title:7h3rAm-writeupsurl:https://github.com/paramint/7h3rAm-writeups 
Trust: 0.1
title:writeupsurl:https://github.com/7h3rAm/writeups 
Trust: 0.1
title:https-github.com-7h3rAm-writeupsurl:https://github.com/V-R-T/https-github.com-7h3rAm-writeups 
Trust: 0.1
title: - url:https://github.com/khulnasoft-labs/awesome-security 
Trust: 0.1
title:PoC-in-GitHuburl:https://github.com/hectorgie/PoC-in-GitHub 
Trust: 0.1
title:CVE-POCurl:https://github.com/0xT11/CVE-POC 
Trust: 0.1
title:PoC-in-GitHuburl:https://github.com/nomi-sec/PoC-in-GitHub 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-9276 // 
            
            
            
            JVNDB: JVNDB-2018-007924 // 
            
            
            
            CNNVD: CNNVD-201807-062

EXTERNAL IDS
db:NVDid:CVE-2018-9276
Trust: 2.6
db:PACKETSTORMid:148334
Trust: 2.5
db:PACKETSTORMid:161183
Trust: 1.7
db:EXPLOIT-DBid:46527
Trust: 1.7
db:JVNDBid:JVNDB-2018-007924
Trust: 0.8
db:PACKETSTORMid:152030
Trust: 0.6
db:CNNVDid:CNNVD-201807-062
Trust: 0.6
db:OTHERid:NONE
Trust: 0.1
db:VULMONid:CVE-2018-9276
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULMON: CVE-2018-9276 // 
            
            
            
            JVNDB: JVNDB-2018-007924 // 
            
            
            
            CNNVD: CNNVD-201807-062 // 
            
            
            
            NVD: CVE-2018-9276

REFERENCES
url:http://packetstormsecurity.com/files/148334/prtg-command-injection.html
Trust: 3.1
url:http://packetstormsecurity.com/files/161183/prtg-network-monitor-remote-code-execution.html
Trust: 2.3
url:http://www.securityfocus.com/archive/1/542103/100/0/threaded
Trust: 1.7
url:https://www.exploit-db.com/exploits/46527/
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-9276
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-9276
Trust: 0.8
url:https://www.exploit-db.com/exploits/46527
Trust: 0.7
url:https://packetstormsecurity.com/files/152030/prtg-network-monitor-18.2.38-remote-code-execution.html
Trust: 0.6
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/78.html
Trust: 0.1
url:https://github.com/wildkindcc/cve-2018-9276
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            VULMON: CVE-2018-9276 // 
            
            
            
            JVNDB: JVNDB-2018-007924 // 
            
            
            
            CNNVD: CNNVD-201807-062 // 
            
            
            
            NVD: CVE-2018-9276

CREDITS
Josh Berry,M4LV0
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201807-062

SOURCES
db:OTHERid: - 
db:VULMONid:CVE-2018-9276
db:JVNDBid:JVNDB-2018-007924
db:CNNVDid:CNNVD-201807-062
db:NVDid:CVE-2018-9276

LAST UPDATE DATE
2025-03-15T20:55:21.074000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2018-9276date:2023-04-25T00:00:00
db:JVNDBid:JVNDB-2018-007924date:2018-10-02T00:00:00
db:CNNVDid:CNNVD-201807-062date:2021-01-29T00:00:00
db:NVDid:CVE-2018-9276date:2025-03-14T20:39:51.137

SOURCES RELEASE DATE
db:VULMONid:CVE-2018-9276date:2018-07-02T00:00:00
db:JVNDBid:JVNDB-2018-007924date:2018-10-02T00:00:00
db:CNNVDid:CNNVD-201807-062date:2018-07-03T00:00:00
db:NVDid:CVE-2018-9276date:2018-07-02T16:29:00.600