Path traversal

2023-08-0912:15:00

PRIOn knowledge base

www.prio-n.com

path traversal

hl7 sensor

prtg

vulnerability

authenticated user

write permissions

execute files

5 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.4%

JSON

A path traversal vulnerability was identified in the HL7 sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the HL7 sensor into behaving differently for existing files and non-existing files. This made it possible to traverse paths, allowing the sensor to execute files outside the designated custom sensors folder. The severity of this vulnerability is medium and received a score of 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CPENameOperatorVersion
prtg_network_monitorlt23.3.86.1520

CPE	Name	Operator	Version
	prtg_network_monitor	lt	23.3.86.1520

References

kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520

www.paessler.com/prtg/history/stable