CVE-2023-32781

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Aug 9, 2023
Updated: Jan 23, 2024
CWE ID 77

Summary

CVE-2023-32781 is a high-severity command injection vulnerability affecting PRTG Network Monitor versions 23.2.84.1566 and earlier. This issue lies in the HL7 sensor, where an authenticated user with write permissions can exploit the debug option to create new files that could be executed by the EXE/Script sensor. The attack vector is network-accessible, allowing potential attackers to gain significant control over the system, resulting in high levels of impact on confidentiality, integrity, and availability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • PRTG Network Monitor

Affected Vendors

  • Paessler AG