CVE-2023-32781: Command Injection
First published: Wed Aug 09 2023(Updated: )
A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Paessler PRTG Traffic Grapher | <23.3.86.1520 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-32781?
CVE-2023-32781 is a command injection vulnerability in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor.
How does CVE-2023-32781 affect Paessler PRTG Network Monitor?
CVE-2023-32781 affects Paessler PRTG Network Monitor versions up to 23.2.84.1566.
How severe is CVE-2023-32781?
CVE-2023-32781 has a severity score of 7.2 (high).
How can an authenticated user exploit CVE-2023-32781?
An authenticated user with write permissions can abuse the debug option to write new files that could potentially be executed by the EXE/Script sensor.
How can I fix CVE-2023-32781?
To fix CVE-2023-32781, you should upgrade to Paessler PRTG Network Monitor version 23.3.86.1520 or later.
- agent/type
- agent/severity
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/paessler
- canonical/paessler prtg traffic grapher