CVE-2018-9276: Paessler PRTG Network Monitor OS Command Injection Vulnerability
First published: Mon Jul 02 2018(Updated: )
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Paessler PRTG | ||
| Paessler PRTG | <18.2.39 | |
| Paessler PRTG | >19.3.52<21.2.68 | |
| <18.2.39 | ||
| >19.3.52<21.2.68 |
Remedy
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/148334/PRTG-Command-Injection.html
- http://packetstormsecurity.com/files/161183/PRTG-Network-Monitor-Remote-Code-Execution.html
- http://www.securityfocus.com/archive/1/542103/100/0/threaded
- https://www.exploit-db.com/exploits/46527/
- https://www.paessler.com/prtg/history/prtg-18#18.2.39
- https://nvd.nist.gov/vuln/detail/CVE-2018-9276
- https://www.bleepingcomputer.com/news/security/cisa-tags-microsoft-net-and-apache-ofbiz-bugs-as-exploited-in-attacks/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is CVE-2018-9276?
CVE-2018-9276 is an OS command injection vulnerability in PRTG Network Monitor before 18.2.39.
What is the severity of CVE-2018-9276?
CVE-2018-9276 has a severity rating of 7.2 (critical).
How can an attacker exploit CVE-2018-9276?
An attacker with access to the PRTG System Administrator web console and administrative privileges can exploit the OS command injection vulnerability by sending malformed parameters in sensor or device requests.
Which versions of PRTG Network Monitor are affected by CVE-2018-9276?
PRTG Network Monitor versions before 18.2.39 and versions between 19.3.52 and 21.2.68 are affected by CVE-2018-9276.
How can I fix CVE-2018-9276?
To fix CVE-2018-9276, users should update to version 18.2.39 or newer, or version 21.2.68 or newer.
- agent/weakness
- agent/type
- agent/author
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/title
- agent/softwarecombine
- agent/description
- agent/last-modified-date
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-29059
- alias/CVE-2024-45195
- alias/CVE-2018-9276
- alias/CVE-2018-19410
- agent/news-ai
- exploited/true
- agent/references
- agent/source
- agent/severity
- agent/event
- agent/trending
- agent/tags
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- collector/nvd-index
- collector/nvd-cve
- vendor/paessler
- canonical/paessler prtg