CVE-2017-15360 in PRTG Network Monitor

Summary

by MITRE

PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all group names created, related to incorrect error handling for an HTML encoded script.


Analysis

by VulDB Data Team • 11/24/2019

CVE-2017-15360 represents a stored cross-site scripting vulnerability within PRTG Network Monitor version 17.3.33.2830 that specifically targets group names created within the system. This vulnerability falls under the CWE-79 category of Cross-Site Scripting, which is one of the most prevalent and dangerous web application security flaws. The flaw manifests when the application fails to properly sanitize user input during the creation of group names, allowing malicious scripts to be stored and subsequently executed in the context of other users' browsers. The vulnerability is particularly concerning because it affects all group names created within the system, indicating a systemic issue rather than an isolated incident.

The root cause lies in the application's incorrect error handling for HTML encoded scripts, which suggests that the system's input validation and output encoding mechanisms are insufficiently robust. When users create group names containing malicious script code, the application improperly processes this input, failing to adequately encode or sanitize the content before storing it in the database. This allows attackers to inject malicious JavaScript code that persists in the application's data storage, making it executable whenever the affected group names are displayed or processed.

The operational impact of this vulnerability is significant as it enables attackers to perform actions such as stealing session cookies, redirecting users to malicious sites, or executing arbitrary commands within the context of the victim's browser. Attackers can craft group names containing malicious payloads that will execute whenever other users view the group listings or interact with the affected functionality. This stored XSS vulnerability can be exploited to compromise user sessions and potentially escalate privileges within the PRTG environment.

The vulnerability also aligns with ATT&CK technique T1566.001, which involves the use of malicious payloads in web applications, and T1059.007, which covers scripting through web shells or similar mechanisms. Organizations using PRTG Network Monitor should immediately implement mitigations including input validation, output encoding, and regular security updates.

The vulnerability demonstrates the critical importance of proper HTML encoding and input sanitization in web applications, particularly in network monitoring tools where users frequently create and manage group configurations. Without proper remediation, this flaw could enable attackers to gain unauthorized access to network monitoring data and potentially compromise the entire monitoring infrastructure. The vulnerability highlights the necessity of comprehensive security testing and the implementation of defense-in-depth strategies to protect against persistent threats in enterprise monitoring systems.
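
The output-encoding mitigation named above, together with an audit of stored group names for raw or entity-encoded markup, as an added example that is not PRTG's or VulDB's code. All function names and the sample names are constructed, and checking entity-encoded forms is an assumption drawn from the summary's mention of an HTML encoded script.

```javascript
'use strict';
// Added example: function names and SAMPLE_NAMES are constructed, not PRTG code.

const ENTITY = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const NAMED = { lt: '<', gt: '>', quot: '"', apos: "'", amp: '&' };

// Output encoding for HTML text nodes and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITY[ch]);
}

// Vulnerable pattern: the stored group name reaches the page unencoded.
function renderGroupUnsafe(name) {
  return '<li title="' + name + '">' + name + '</li>';
}

// Hardened pattern: encode at output, however the name was stored.
function renderGroupSafe(name) {
  const n = escapeHtml(name);
  return '<li title="' + n + '">' + n + '</li>';
}

// Decode one level of named, decimal and hex entities in a single pass.
function decodeEntities(s) {
  const re = /&(?:#x([0-9a-f]{1,6})|#(\d{1,7})|(lt|gt|quot|apos|amp));/gi;
  return String(s).replace(re, (m, hex, dec, name) => {
    if (name) return NAMED[name.toLowerCase()];
    const cp = hex ? parseInt(hex, 16) : Number(dec);
    return cp <= 0x10ffff ? String.fromCodePoint(cp) : m;
  });
}

// Audit: flag stored names carrying markup characters, raw or entity-encoded.
function auditGroupNames(names) {
  return names.filter((n) => /[<>"]/.test(n) || /[<>"]/.test(decodeEntities(n)));
}

// Constructed sample data standing in for group names read from the system.
const SAMPLE_NAMES = [
  'Core Switches',
  'R&D Lab',
  '<script>alert(1)</script>',
  '&lt;script&gt;alert(1)&lt;/script&gt;',
];

for (const name of auditGroupNames(SAMPLE_NAMES)) {
  console.log('review:', JSON.stringify(name), '->', renderGroupSafe(name));
}
```

Encoding at output keeps both flagged names inert: the entity-encoded one is encoded a second time, so the browser displays it as literal text.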

Reservation

10/15/2017

Disclosure

10/15/2017

Moderation

accepted

CPE

ready

EPSS

0.00188

KEV

no

Activities

very low
