CVE-2019-11074

Sažetak

A Write to Arbitrary Location in Disk vulnerability exists in PRTG Network Monitor 19.1.49 and below that allows attackers to place files in arbitrary locations with SYSTEM privileges (although not controlling the contents of such files) due to insufficient sanitisation when passing arguments to the phantomjs.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Full Web Page Sensor and set specific settings when executing the sensor.

Reference

https://how2itsec.blogspot.com/2019/10/security-fixes-in-prtg-1935152.html
https://www.paessler.com/prtg/history/stable
https://sensepost.com/blog/2019/being-stubborn-pays-off-pt.-1-cve-2018-19204/

CVSS

Base:	9.0
Impact:	10.0
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

29-06-2021 - 13:51

Objavljeno

17-03-2020 - 15:15