CVE-2019-11073: 
PRTG Network Monitor vulnerability analysis and mitigation

A Remote Code Execution vulnerability exists in PRTG Network Monitor before version 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransactionSensor.exe binary. The vulnerability requires remote authenticated administrators to create a new HTTP Transaction Sensor and set specific settings when the sensor is executed (CVE Details).

The vulnerability stems from insufficient sanitization of input parameters when passing arguments to the HttpTransactionSensor.exe binary. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.2 HIGH (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) indicating high severity with network attack vector, low attack complexity, and high privileges required (NVD).

If successfully exploited, the vulnerability allows attackers to execute arbitrary code with system privileges on the affected system. This could potentially lead to complete system compromise, as the code would run with the same privileges as the PRTG Network Monitor service (NVD).

The vulnerability has been patched in PRTG Network Monitor version 19.4.54.1506. Users are advised to upgrade to this version or later to mitigate the risk (Paessler Release Notes).

The German Federal Office for Information Security (BSI) issued an advisory about this vulnerability, classifying it as risk level 3, indicating its significance for network monitoring systems (BSI Advisory).