The vulnerability of network monitoring software for PRTG Network Monitor lies in the insecure management of privileges. This allows a malicious actor with the “read-only” privilege to create users with the “read-write” privilege.

🗓️ 20 Dec 2018 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

PRTG flaw lets a read-only user create read-write or admin accounts via /api/addusers.

Reporter	Title	Published	Views	Family All 10
CNVD	PRTG Network Monitor Improper Authorization Vulnerability	22 Nov 201800:00	–	cnvd
CVE	CVE-2018-19411	21 Nov 201816:00	–	cve
Cvelist	CVE-2018-19411	21 Nov 201816:00	–	cvelist
EUVD	EUVD-2018-11104	7 Oct 202500:30	–	euvd
NVD	CVE-2018-19411	21 Nov 201816:29	–	nvd
OpenVAS	PRTG Network Monitor <= 18.2.39.1661 Multiple Vulnerabilities	22 Nov 201800:00	–	openvas
OSV	CVE-2018-19411	21 Nov 201816:29	–	osv
Prion	Cross site request forgery (csrf)	21 Nov 201816:29	–	prion
Positive Technologies	PT-2018-25: Improper Authorization in PRTG Network Monitor	7 May 201800:00	–	ptsecurity
RedhatCVE	CVE-2018-19411	9 Jan 202612:01	–	redhatcve

Vulners

Node

paessler_ag prtg_network_monitorRange≤18.2.39.1661

Source	Link
cxsecurity	www.cxsecurity.com/cveshow/CVE-2018-19411/
ptsecurity	www.ptsecurity.com/ru-ru/research/threatscape/pt-2018-25/
web	www.web.nvd.nist.gov/view/vuln/detail
securitylab	www.securitylab.ru/lab/PT-2018-25

23 Mar 2021 00:00Current

7.6High risk

Vulners AI Score7.6

CVSS 38.8

CVSS 29

EPSS0.0087

prtg network monitor privilege management flaw read only privilege unauthorized user creation addusers endpoint