Vulnerability Description
A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. This could force PRTG to execute different actions, such as creating new users. The severity of this vulnerability is high and received a score of 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Paessler | Prtg Network Monitor | < 23.3.86.1520 |
Related Weaknesses (CWE)
References
- https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paesslerVendor Advisory
- https://www.paessler.com/prtg/history/prtg-23#23.3.86.1520
- https://www.paessler.com/prtg/history/stableRelease Notes
- https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paesslerVendor Advisory
- https://www.paessler.com/prtg/history/prtg-23#23.3.86.1520
- https://www.paessler.com/prtg/history/stableRelease Notes
FAQ
What is CVE-2023-31452?
CVE-2023-31452 is a vulnerability with a CVSS score of 8.8 (HIGH). A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provide...
How severe is CVE-2023-31452?
CVE-2023-31452 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-31452?
Check the references section above for vendor advisories and patch information. Affected products include: Paessler Prtg Network Monitor.