Lucene search

[email protected]CVE-2023-32782

HistoryAug 09, 2023 - 12:15 p.m.

CVE-2023-32782

2023-08-0912:15:10

CWE-77

[email protected]

web.nvd.nist.gov

cve-2023

command injection

prtg

dicom c-echo

vulnerability

security

nvd

cvss

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.0%

JSON

A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected configurations

NVD

Node

paesslerprtg_network_monitorRange<23.3.86.1520

CPENameOperatorVersion
paessler:prtg_network_monitorpaessler prtg network monitorlt23.3.86.1520

CPE	Name	Operator	Version
paessler:prtg_network_monitor	paessler prtg network monitor	lt	23.3.86.1520

References

kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520

www.paessler.com/prtg/history/stable

Social References

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.0%

JSON

Related for CVE-2023-32782

prion1 nvd1 cvelist1