Paessler patches PRTG zero-day vulnerability - 20240117005
Overview
Paessler has released updates to address a zero-day vulnerability in PRTG Network Monitor which could allow remote threat actors to bypass authentication on affected versions.
What is the Vulnerability?
CVE-2023-51630 - This vulnerability allows remote attackers to bypass authentication on affected installations of Paessler PRTG Network Monitor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
What is Vulnerable?

| Product(s) Affected | Summary | Severity | CVSS |
|---|---|---|---|
| All versions of PRTG Network Monitor including 23.4.90.1299 and prior | The specific flaw exists within the web console. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to bypass authentication on the system. | TBA | 8.8 |
Recommendation
The WA SOC recommends that administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of one month... (refer Patch Management):
- It is highly recommended to update PRTG Network Monitor to version 24.1.90.1306 or later - PRTG Network Monitor - Release Notes (paessler.com)
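To check an inventory against the affected range above, the following added example (not Paessler's code and not from this advisory) parses PRTG version strings and flags any install below the fixed release 24.1.90.1306. It treats every version below the fix as needing the update, which is the conservative reading of the affected range; the hostnames and version strings in the sample inventory are constructed, and how you collect the version strings (web UI footer, export, scan output) is left to the operator.

```python
"""Added example: triage PRTG installs against the version fixed in this advisory.
Versions 23.4.90.1299 and prior are listed as affected; 24.1.90.1306 or later is fixed.
The sample inventory below is constructed data, not real hosts."""
import re

FIXED_VERSION = "24.1.90.1306"   # fixed release named in the advisory
LAST_AFFECTED = "23.4.90.1299"   # last version named as affected in the advisory


def parse_version(text):
    """Extract a dotted version from strings such as
    'PRTG Network Monitor 23.4.90.1299' or '23.4.90.1299' and return a 4-tuple of ints.
    Short strings like '24.1' are padded with zeros so they compare as the earliest
    build of that release. Raises ValueError when no version is present so that
    unknown rows are surfaced instead of being silently treated as patched."""
    match = re.search(r"\b(\d+(?:\.\d+){1,3})\b", text)
    if not match:
        raise ValueError(f"no version string found in {text!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    parts += [0] * (4 - len(parts))
    return tuple(parts)


def needs_patch(version_text):
    """True when the reported version is below the fixed release.
    Anything between 23.4.90.1299 and 24.1.90.1306 is also flagged, since the
    advisory only names 24.1.90.1306 or later as fixed."""
    return parse_version(version_text) < parse_version(FIXED_VERSION)


def triage(inventory):
    """Map hostname -> 'PATCH', 'OK' or 'UNKNOWN' for {host: version string}."""
    result = {}
    for host, version_text in inventory.items():
        try:
            result[host] = "PATCH" if needs_patch(version_text) else "OK"
        except ValueError:
            result[host] = "UNKNOWN"
    return result


# Constructed sample inventory (hostnames and versions are made up for this example).
SAMPLE_INVENTORY = {
    "prtg-core-01": "PRTG Network Monitor 23.4.90.1299",
    "prtg-core-02": "24.1.90.1306",
    "prtg-probe-03": "22.3.79.1019",
    "prtg-probe-04": "24.2.94.1400",
    "prtg-test-05": "version unknown",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Rows reported as UNKNOWN should be checked by hand rather than assumed patched; the comparison is purely on the reported version string and does not confirm that the update was actually applied on the host.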