Stack-based buffer overflow in PRTG Network Monitor

#VU12613 Stack-based buffer overflow in PRTG Network Monitor

Published: 2021-06-17

Vulnerability identifier: #VU12613

Vulnerability risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-10253

CWE-ID: CWE-121

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
PRTG Network Monitor
Server applications / Remote management servers, RDP, SSH

Vendor: Paessler AG

Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to mishandling of stack memory during unspecified API calls. A remote attacker can trigger memory corruption and cause the service to crash.

Mitigation
Update to version 18.1.39.1648.

Vulnerable software versions

PRTG Network Monitor: 18.1.37 - 18.1.39.1612

External links
http://www.paessler.com/prtg/history/preview

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Denial of service in Paessler AG PRTG Network Monitor