First published: Mon Jul 02 2018
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Paessler PRTG Network Monitor | <18.2.39 | |
Paessler PRTG Network Monitor | >19.3.52<21.2.68 | |
CVE-2018-9276 is an OS command injection vulnerability in PRTG Network Monitor before 18.2.39.
CVE-2018-9276 has a severity rating of 7.2 (critical).
An attacker with access to the PRTG System Administrator web console and administrative privileges can exploit the OS command injection vulnerability by sending malformed parameters in sensor or device requests.
PRTG Network Monitor versions before 18.2.39 and versions between 19.3.52 and 21.2.68 are affected by CVE-2018-9276.
To fix CVE-2018-9276, users should update to version 18.2.39 or newer, or version 21.2.68 or newer.