Vulnerability Description
A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Paessler | Prtg Network Monitor | < 23.3.86.1520 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/176677/PRTG-Authenticated-Remote-Code-Execu
- https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paesslerVendor Advisory
- https://www.paessler.com/prtg/history/stableRelease Notes
- http://packetstormsecurity.com/files/176677/PRTG-Authenticated-Remote-Code-Execu
- https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paesslerVendor Advisory
- https://www.paessler.com/prtg/history/stableRelease Notes
FAQ
What is CVE-2023-32781?
CVE-2023-32781 is a vulnerability with a CVSS score of 7.2 (HIGH). A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write ne...
How severe is CVE-2023-32781?
CVE-2023-32781 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-32781?
Check the references section above for vendor advisories and patch information. Affected products include: Paessler Prtg Network Monitor.