Main Vulnerability Database SB2018112122

SB2018112122 - Missing authorization in PRTG Network Monitor

Published: November 21, 2018 Updated: February 5, 2025

Security Bulletin ID SB2018112122

Severity

Critical

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Missing Authorization (CVE-ID: CVE-2018-19410)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to missing authorization. A remote non-authenticated attacker can send a specially crafted HTTP request to application and create users with read-write privileges, including administrators.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.

Remediation

Install update from vendor's website.

References

https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2018-24/