CVE-2023-32782: Command Injection
First published: Wed Aug 09 2023(Updated: )
A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Paessler PRTG Traffic Grapher | <23.3.86.1520 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this command injection?
The vulnerability ID for this command injection is CVE-2023-32782.
What is the affected software for this vulnerability?
The affected software for this vulnerability is Paessler PRTG Network Monitor version up to 23.3.86.1520.
What is the severity of CVE-2023-32782?
The severity of CVE-2023-32782 is high with a CVSS score of 7.2.
How can an attacker exploit this vulnerability?
An attacker with write permissions and authenticated access can abuse the debug option in the Dicom C-ECHO sensor to write new files that could potentially execute malicious code.
Is there a fix available for this vulnerability?
Yes, a fix is available in Paessler PRTG Network Monitor version 23.3.86.1520 and later.
- agent/references
- agent/type
- agent/severity
- agent/first-publish-date
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- vendor/paessler
- canonical/paessler prtg traffic grapher