CVE-2023-31452

Published: Aug 9, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. This could force PRTG to execute different actions, such as creating new users. The severity of this vulnerability is high and received a score of 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected (1)

Products: Paessler: Prtg Network Monitor

1 product

Prtg Network Monitor

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Paessler Prtg Network Monitor	Before 23.3.86.1520

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520

Source: cve@mitre.org

Vendor Advisory

https://www.paessler.com/prtg/history/prtg-23#23.3.86.1520

Source: cve@mitre.org

https://www.paessler.com/prtg/history/stable

Source: cve@mitre.org

Release Notes

https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.paessler.com/prtg/history/prtg-23#23.3.86.1520

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.paessler.com/prtg/history/stable

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

Timeline

No history available yet.