CVE-2019-11073
HIGHPRTG Network Monitor < 19.4.54.1506 - Authenticated RCE via HttpTransactionSensor.exe
Title source: llmDescription
A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransactionSensor.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Transaction Sensor and set specific settings when the sensor is executed.
References (3)
Core 3
Core References
Release Notes x_refsource_misc
https://www.paessler.com/prtg/history/stable
Exploit, Third Party Advisory x_refsource_misc
https://sensepost.com/blog/2019/being-stubborn-pays-off-pt.-1-cve-2018-19204/
Third Party Advisory x_refsource_misc
https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/11/warnmeldung_cb-k19-1019.html
Scores
CVSS v3
7.2
EPSS
0.0625
EPSS Percentile
92.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-74
Status
published
Products (1)
paessler/prtg_network_monitor
< 19.4.54.1506
Published
Mar 16, 2020
Tracked Since
Feb 18, 2026