ID

VAR-201811-0885


CVE

CVE-2018-19204


TITLE

PRTG Network Monitor Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-014183

DESCRIPTION

PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker (with read-write privileges) to execute arbitrary code and OS commands with system privileges. When creating an HTTP Advanced Sensor, the user's input in the POST parameter 'proxyport_' is mishandled. The attacker can craft an HTTP request and override the 'writeresult' command-line parameter for HttpAdvancedSensor.exe to store arbitrary data in an arbitrary place on the file system. For example, the attacker can create an executable file in the \Custom Sensors\EXE directory and execute it by creating an EXE/Script Sensor. PRTG Network Monitor contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2018-19204 // JVNDB: JVNDB-2018-014183 // VULMON: CVE-2018-19204

IOT TAXONOMY

category: ['network device'], sub_category: network device

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor: paessler, model: prtg network monitor, scope: lt, version: 18.3.44.2054

Trust: 1.8

sources: JVNDB: JVNDB-2018-014183 // NVD: CVE-2018-19204

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-19204
value: HIGH

Trust: 1.0

NVD: CVE-2018-19204
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201811-305
value: HIGH

Trust: 0.6

VULMON: CVE-2018-19204
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-19204
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CVSSV3

nvd@nist.gov: CVE-2018-19204
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULMON: CVE-2018-19204 // JVNDB: JVNDB-2018-014183 // CNNVD: CNNVD-201811-305 // NVD: CVE-2018-19204

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2018-014183 // NVD: CVE-2018-19204

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-305

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201811-305

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014183

PATCH

title: September 24th 2018 - Version 18.3.44.2054
url: https://www.paessler.com/prtg/history/prtg-18#18.3.44.2054

Trust: 0.8

title: Paessler PRTG Network Monitor Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86730

Trust: 0.6

title: sec-daily-2019
url: https://github.com/alphaSeclab/sec-daily-2019

Trust: 0.1

sources: VULMON: CVE-2018-19204 // JVNDB: JVNDB-2018-014183 // CNNVD: CNNVD-201811-305

EXTERNAL IDS

db: NVD, id: CVE-2018-19204

Trust: 2.6

db: JVNDB, id: JVNDB-2018-014183

Trust: 0.8

db: CNNVD, id: CNNVD-201811-305

Trust: 0.6

db: OTHER, id: NONE

Trust: 0.1

db: VULMON, id: CVE-2018-19204

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2018-19204 // JVNDB: JVNDB-2018-014183 // CNNVD: CNNVD-201811-305 // NVD: CVE-2018-19204

REFERENCES

url:https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2018-23/

Trust: 1.7

url:https://www.paessler.com/prtg/history/stable#18.3.44.2054

Trust: 1.7

url:http://en.securitylab.ru/lab/pt-2018-23

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19204

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-19204

Trust: 0.8

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/alphaseclab/sec-daily-2019

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2018-19204 // JVNDB: JVNDB-2018-014183 // CNNVD: CNNVD-201811-305 // NVD: CVE-2018-19204

SOURCES

db: OTHER, id: -
db: VULMON, id: CVE-2018-19204
db: JVNDB, id: JVNDB-2018-014183
db: CNNVD, id: CNNVD-201811-305
db: NVD, id: CVE-2018-19204

LAST UPDATE DATE

2025-01-30T21:06:39.147000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2018-19204, date: 2021-06-29T00:00:00
db: JVNDB, id: JVNDB-2018-014183, date: 2019-03-13T00:00:00
db: CNNVD, id: CNNVD-201811-305, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2018-19204, date: 2024-11-21T03:57:32.990

SOURCES RELEASE DATE

db: VULMON, id: CVE-2018-19204, date: 2018-11-12T00:00:00
db: JVNDB, id: JVNDB-2018-014183, date: 2019-03-13T00:00:00
db: CNNVD, id: CNNVD-201811-305, date: 2018-11-13T00:00:00
db: NVD, id: CVE-2018-19204, date: 2018-11-12T16:29:00.497