Lucene search

[email protected]CVE-2021-27220

HistoryMar 31, 2021 - 10:15 p.m.

CVE-2021-27220

2021-03-3122:15:14

[email protected]

web.nvd.nist.gov

prtg

network monitor

cve-2021-27220

security vulnerability

path traversal

screenshot functionality

web server

file system

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

35.9%

JSON

An issue was discovered in PRTG Network Monitor before 21.1.66.1623. By invoking the screenshot functionality with prepared context paths, an attacker is able to verify the existence of certain files on the filesystem of the PRTG’s Web server.

Affected configurations

NVD

Node

paesslerprtg_network_monitorRange<21.1.66.1623

CPENameOperatorVersion
paessler:prtg_network_monitorpaessler prtg network monitorlt21.1.66.1623

CPE	Name	Operator	Version
paessler:prtg_network_monitor	paessler prtg network monitor	lt	21.1.66.1623

References

www.paessler.com/prtg/history/stable#21.1.66.1623

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

35.9%

JSON

Related for CVE-2021-27220

openvas1 prion1 nvd1 cvelist1