CVE-2023-31448

CVSS 3.1 Score 4.7 of 10 (medium)

Details

Published Aug 9, 2023
Updated: Aug 16, 2023
CWE ID 22

Summary

CVE-2023-31448 is a medium severity path traversal vulnerability affecting PRTG 23.2.84.1566 and earlier versions of the HL7 sensor. An authenticated user with write permissions can manipulate the HL7 sensor to behave differently for existing and non-existing files, enabling path traversal. This allows the sensor to execute files outside of the designated custom sensors folder. The vulnerability has a CVSS score of 4.7 and can be exploited through network (N) and local (L) access with high (H) privileges, affecting confidentiality (C) and integrity (I) of data.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • PRTG Network Monitor

Affected Vendors

  • Paessler AG