How severe is CVE-2019-11074 vulnerability?

CVE-2019-11074 has a severity level of 7.2, which is considered critical.

Which version of PRTG Network Monitor is affected by CVE-2019-11074?

PRTG Network Monitor 19.1.49 and below are affected by CVE-2019-11074.

How can I fix CVE-2019-11074?

To fix CVE-2019-11074, you should update PRTG Network Monitor to a version above 19.1.49.

Vulnerability/
CVE-2019-11074

critical

CWE

434

17/3/2020

4/8/2024

CVE-2019-11074: Malicious File Upload

Q: What is CVE-2019-11074?

CVE-2019-11074 is a vulnerability in PRTG Network Monitor 19.1.49 and below that allows attackers to place files in arbitrary locations with SYSTEM privileges.

Q: What is the impact of CVE-2019-11074?

The impact of CVE-2019-11074 is that attackers can place files in arbitrary locations with SYSTEM privileges, although they cannot control the contents of those files.

First published: Tue Mar 17 2020(Updated: )

A Write to Arbitrary Location in Disk vulnerability exists in PRTG Network Monitor 19.1.49 and below that allows attackers to place files in arbitrary locations with SYSTEM privileges (although not controlling the contents of such files) due to insufficient sanitisation when passing arguments to the phantomjs.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Full Web Page Sensor and set specific settings when executing the sensor.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Paessler PRTG Traffic Grapher	<=19.1.49

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-11074?
CVE-2019-11074 is a vulnerability in PRTG Network Monitor 19.1.49 and below that allows attackers to place files in arbitrary locations with SYSTEM privileges.
How severe is CVE-2019-11074 vulnerability?
CVE-2019-11074 has a severity level of 7.2, which is considered critical.
What is the impact of CVE-2019-11074?
The impact of CVE-2019-11074 is that attackers can place files in arbitrary locations with SYSTEM privileges, although they cannot control the contents of those files.
Which version of PRTG Network Monitor is affected by CVE-2019-11074?
PRTG Network Monitor 19.1.49 and below are affected by CVE-2019-11074.
How can I fix CVE-2019-11074?
To fix CVE-2019-11074, you should update PRTG Network Monitor to a version above 19.1.49.

agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/weakness
agent/severity
agent/author
agent/references
agent/first-publish-date
agent/description
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/paessler
canonical/paessler prtg traffic grapher
version/paessler prtg traffic grapher/19.1.49

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.