CVE-2018-19410
First published: Wed Nov 21 2018(Updated: )
PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local File Inclusion attack, by including /api/addusers and executing it. By providing the 'id' and 'users' parameters, an unauthenticated attacker can create a user with read-write privileges (including administrator).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Paessler PRTG Network Monitor | <18.2.40.1683 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for PRTG Network Monitor?
The vulnerability ID for PRTG Network Monitor is CVE-2018-19410.
What is the severity of CVE-2018-19410?
The severity of CVE-2018-19410 is critical with a score of 9.8.
How does CVE-2018-19410 impact PRTG Network Monitor?
CVE-2018-19410 allows remote unauthenticated attackers to create users with read-write privileges, including administrator access.
Is there a fix for CVE-2018-19410?
Yes, updating PRTG Network Monitor to version 18.2.40.1683 or newer will fix the vulnerability.
Where can I find more information about CVE-2018-19410?
You can find more information about CVE-2018-19410 at the following link: [https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2018-24/](https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2018-24/)
- collector/nvd-index
- agent/severity
- agent/author
- agent/event
- agent/references
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/paessler
- canonical/paessler prtg network monitor