
Cloud Vulnerability DB
A community-led vulnerabilities database
An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficient access control on local registry keys for the Core Server Service, a local user with limited privileges could read the PRTG System Administrator user account's password hash from the Windows registry. This vulnerability was assigned CVE-2019-19119. The issue was discovered by Aleksandr Melkikh from Positive Technologies (PRTG Blog).
The vulnerability exists due to default Windows registry permissions that allow local users read access to registry paths used by PRTG. This allows an attacker with local user access to read the PRTG System Administrator password hash. The vulnerability has a CVSS score indicating high severity with the following vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H/E:U/RL:O/RC:C (PRTG Blog).
The vulnerability allows a local attacker with limited privileges to obtain the password hash of the PRTG System Administrator account, potentially leading to unauthorized access to the PRTG system with administrative privileges (PRTG Blog).
The vulnerability was fixed in PRTG version 19.4.54. Users running affected versions should update to version 19.4.54 or later as soon as possible. Paessler sent email notifications to customers running vulnerable versions with detailed information about the vulnerability (PRTG Blog).
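To check whether a host shows the permission condition described above, list the broad local groups that hold read access on the key in question. The PowerShell below is an added example, not code from Paessler or from the original report; the key path is a mandatory parameter because the page does not name it, and the function name `Get-LowPrivRegistryReaders` is hypothetical.

```powershell
# Added example: report Allow rules that let ordinary local users read values
# under a registry key. Deny rules are not evaluated here.
param(
    # The page does not name the PRTG registry path; pass the key used on your host,
    # e.g. 'HKLM:\SOFTWARE\<vendor>\<product>' (placeholder, not a real path).
    [Parameter(Mandatory)]
    [string]$KeyPath
)

# Well-known SIDs that include unprivileged local users (locale-independent).
$LowPrivSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that permit reading a value: the specific QueryValues bit, or the
# generic bits that inheritable ACEs sometimes carry instead.
$ReadMask = [int][System.Security.AccessControl.RegistryRights]::QueryValues -bor
            0x80000000 -bor   # GENERIC_READ
            0x10000000        # GENERIC_ALL

function Get-LowPrivRegistryReaders {
    param([string]$Path)

    $acl = Get-Acl -Path $Path
    # Ask for SIDs rather than account names so the match works on any locale.
    $rules = $acl.GetAccessRules($true, $true,
                 [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if (-not $LowPrivSids.ContainsKey($sid)) { continue }
        if ($rule.AccessControlType -ne 'Allow')  { continue }
        if (([int]$rule.RegistryRights -band $ReadMask) -eq 0) { continue }

        [pscustomobject]@{
            Key         = $Path
            Principal   = $LowPrivSids[$sid]
            Rights      = $rule.RegistryRights
            Inherited   = $rule.IsInherited
            Propagation = $rule.PropagationFlags   # InheritOnly applies to subkeys only
        }
    }
}

$findings = @(Get-LowPrivRegistryReaders -Path $KeyPath)
if ($findings.Count -gt 0) {
    Write-Warning "Low-privilege principals can read values under $KeyPath"
}
$findings | Format-Table -AutoSize
```

An empty result means none of the four listed groups has an Allow rule with read access on that key; it does not cover rights granted to individual accounts or other groups.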
Source: This report was generated using AI