Description Preview
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Paessler PRTG Network Monitor. An attacker can exploit this vulnerability by injecting an arbitrary script due to the lack of proper validation of user-supplied data within the PRTG Network Monitor web interface.
Overview
- CVE ID: CVE-2024-12833
- CVSS Score: 8 (High)
- CVSS Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- CWE ID: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
- Vendor: Paessler
- Product: PRTG Network Monitor
- Affected Version: 24.1.92.1554 x64
- Vulnerability Type: Cross-Site Scripting (XSS)
- Attack Vector: Adjacent Network
- Exploitation: Requires some user interaction on the part of an administrator
Remediation
To remediate this vulnerability, users are advised to:
- Update to a patched version of Paessler PRTG Network Monitor that addresses the authentication bypass vulnerability.
- Implement proper input validation mechanisms to prevent arbitrary script injection.
- Regularly monitor and audit network traffic for any suspicious activities.
References
- ZDI Advisory: ZDI-24-1736
- Common Weakness Enumeration (CWE): CWE-79
Industry ExposureMost to leastThis section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- ManufacturingManufacturing
- Health Care & Social AssistanceHealth Care & Social Assistance
- Public AdministrationPublic Administration
- Arts, Entertainment & RecreationArts, Entertainment & Recreation
- Management of Companies & EnterprisesManagement of Companies & Enterprises
- Professional, Scientific, & Technical ServicesProfessional, Scientific, & Technical Services
- Retail TradeRetail Trade
- Other Services (except Public Administration)Other Services (except Public Administration)
- Educational ServicesEducational Services
- Transportation & WarehousingTransportation & Warehousing
- UtilitiesUtilities
- Wholesale TradeWholesale Trade
- Accommodation & Food ServicesAccommodation & Food Services
- Administrative, Support, Waste Management & Remediation ServicesAdministrative, Support, Waste Management & Remediation Services
- Agriculture, Forestry Fishing & HuntingAgriculture, Forestry Fishing & Hunting
- ConstructionConstruction
- Finance and InsuranceFinance and Insurance
- InformationInformation
- MiningMining
- Real Estate Rental & LeasingReal Estate Rental & Leasing
