CVE-2023-32781

HIGH

PRTG CVE-2023-32781 Authenticated RCE

Title source: metasploit

Description

A command injection vulnerability was identified in the HL7 sensor of PRTG 23.2.84.1566 and earlier versions: an authenticated user with write permissions could abuse the debug option to write new files that could potentially be executed by the EXE/Script sensor. The severity of this vulnerability is high; it received a CVSS score of 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).

Exploits (1)

metasploit WORKING POC EXCELLENT
ruby poc win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb

Scores

CVSS v3 7.2
EPSS 0.4473
EPSS Percentile 97.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-77
Status published
Products (1)
paessler/prtg_network_monitor < 23.3.86.1520
Published Aug 09, 2023
Tracked Since Feb 18, 2026