CVE-2023-32781 in PRTG Network Monitor
الملخص
بحسب MITRE • 09/08/2023
An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760. Due to command-line parameter injection and an undocumented debug feature flag, an attacker can utilize the HL7 sensor to write arbitrary data to the disk. This can be utilized to write a custom EXE(.bat) sensor, that will then run. This primitive gives remote code execution.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.