Vulnerability Description
A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransactionSensor.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Transaction Sensor and set specific settings when the sensor is executed.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Paessler | Prtg Network Monitor | < 19.4.54.1506 |
Related Weaknesses (CWE)
References
- https://sensepost.com/blog/2019/being-stubborn-pays-off-pt.-1-cve-2018-19204/ExploitThird Party Advisory
- https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/11/warnmeldung_cb-k1Third Party Advisory
- https://www.paessler.com/prtg/history/stableRelease Notes
- https://sensepost.com/blog/2019/being-stubborn-pays-off-pt.-1-cve-2018-19204/ExploitThird Party Advisory
- https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/11/warnmeldung_cb-k1Third Party Advisory
- https://www.paessler.com/prtg/history/stableRelease Notes
FAQ
What is CVE-2019-11073?
CVE-2019-11073 is a vulnerability with a CVSS score of 7.2 (HIGH). A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransa...
How severe is CVE-2019-11073?
CVE-2019-11073 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-11073?
Check the references section above for vendor advisories and patch information. Affected products include: Paessler Prtg Network Monitor.