CVE-2017-15008 in PRTG Network Monitor
Summary
by MITRE
PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all sensor titles, related to incorrect error handling for a %00 in the SRC attribute of an IMG element.
Analysis
by VulDB Data Team • 11/21/2019
PRTG Network Monitor version 17.3.33.2830 contains a stored cross-site scripting vulnerability that affects all sensor titles in the system. The flaw stems from improper handling of a special character, the null byte %00, inside the SRC attribute of an IMG element: a title containing such markup is stored without adequate sanitization, and the injected script runs whenever the title is displayed to users.

The weakness is classified as CWE-79 (improper neutralization of input during web page generation): in an HTML attribute value the null byte is neither escaped nor filtered. When a malicious actor submits a sensor title containing crafted HTML with an IMG element whose SRC attribute holds a null byte, the application stores the input without sanitizing it. The stored payload then executes in the context of other users who view the affected sensor title, which can lead to session hijacking, credential theft or redirection to malicious sites.

Because sensor titles appear throughout PRTG's interfaces, including dashboards, alerts and reports, the vulnerability touches the core of its monitoring functionality. The null byte handling issue is a classic input validation failure: the application does not treat a special character that can alter HTML parsing as input that requires sanitization. This vulnerability aligns with ATT&CK technique T1566.001, which involves the exploitation of web applications through the injection of malicious content into web pages viewed by other users. As a stored XSS, the payload remains in the system until it is removed manually, which makes it suitable for long-term exploitation.
The impact extends beyond simple script execution as it can enable attackers to escalate privileges within the PRTG environment, potentially gaining access to sensitive network monitoring data and system configurations. Organizations using PRTG Network Monitor should immediately apply the vendor-provided patch or upgrade to a version that properly handles null byte characters in HTML attributes to prevent exploitation of this vulnerability.
The root cause is that PRTG fails to escape or filter special characters, the null byte %00 included, when processing IMG element attributes, so injected code persists in the database and executes whenever the affected sensor titles are rendered in a web interface. The improper error handling lies in how the application processes URL encoding and HTML attribute parsing: the null byte is not recognized as a potentially dangerous input sequence that requires sanitization. Because every sensor title is affected, any monitored device or network component carrying a maliciously crafted title can serve as an attack vector, and the stored payload is not limited to a single session or request but stays active until it is explicitly removed from the system's database. This is a fundamental failure of the application's input validation and output encoding, creating a persistent risk that can be exploited by attackers with minimal privileges: exploitation requires nothing beyond the ability to create or modify sensor titles, which is particularly dangerous in environments where multiple users have administrative access to PRTG. Security practitioners should note that the flaw can be leveraged to establish persistent access points within network monitoring environments, potentially allowing attackers to monitor network traffic or manipulate monitoring data. The weakness directly impacts the integrity and availability of the monitoring system, as malicious actors could disrupt services or hide their activities within the monitored infrastructure.
Organizations should implement comprehensive input validation controls that specifically address null byte sequences and other special characters that could be used to manipulate HTML parsing behavior in web applications.
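An added example, not PRTG's or VulDB's code, of the validation and encoding controls recommended above, applied to sensor titles: a hypothetical NUL-terminated attribute check that models the failure class, beside a hardened check, a title validator that refuses control characters, HTML output encoding, and an audit over already stored titles. It assumes titles arrive percent-encoded from a web form; all sample values are constructed.

```python
import html
import re
from urllib.parse import unquote

# Constructed sample values: the second SRC carries a NUL (%00) followed by
# text that a NUL-terminated check never inspects.
GOOD_SRC = "http://example.invalid/status.png"
TAINTED_SRC = "http://example.invalid/status.png%00 not-inspected"
TAINTED_TITLE = 'Core Switch <img src="' + TAINTED_SRC + '">'

CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")
HTTP_URL = re.compile(r"^https?://[^\s\"'<>]+$")


def flawed_src_check(raw_src: str) -> bool:
    """Hypothetical model of the failure class: the attribute value is treated
    as a NUL-terminated string, so only the part before %00 is validated while
    the whole value is stored and later rendered. Shown for contrast only."""
    decoded = unquote(raw_src)
    visible = decoded.split("\x00", 1)[0]
    return HTTP_URL.match(visible) is not None


def hardened_src_check(raw_src: str) -> bool:
    """Validate the complete decoded value and fail closed on any control char."""
    decoded = unquote(raw_src)
    if CONTROL_CHARS.search(decoded):
        return False
    return HTTP_URL.match(decoded) is not None


def validate_sensor_title(raw_title: str):
    """Percent-decode once, then reject titles with NUL or other control chars.
    Returns the text to store, or None when the title must be refused."""
    decoded = unquote(raw_title)
    if CONTROL_CHARS.search(decoded):
        return None
    return decoded


def render_title(stored_title: str) -> str:
    """Output-encode for an HTML body or attribute context: any markup inside a
    stored title is displayed as text, never parsed as tags."""
    return html.escape(stored_title, quote=True)


def audit_stored_titles(titles):
    """Post-patch audit over already stored titles: flag entries that carry
    control characters or angle brackets so they can be reviewed and cleaned."""
    return [t for t in titles if CONTROL_CHARS.search(t) or "<" in t or ">" in t]
```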