CVE-2020-10374
PRTG Network Monitor vulnerability analysis and mitigation

Overview

A webserver component in Paessler PRTG Network Monitor versions 19.2.50 to 20.1.56 contained a critical vulnerability (CVE-2020-10374) that allowed unauthenticated remote command execution. The vulnerability could be exploited via a crafted POST request or through the 'what' parameter of the screenshot function in the Contact Support form. This vulnerability was discovered in early 2020 by TEHTRIS during a remote pentest engagement (TEHTRIS Blog).

Technical details

The vulnerability received a CVSS v3.1 base score of 9.8 (Critical), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. It allowed attackers to execute arbitrary code remotely through the webserver component by way of the screenshot function's 'what' parameter in the Contact Support form. The attack vector involved injecting a crafted, URI-compatible UNC path that was passed along the caller chain down to the Chromium engine and executed there (NVD).

Impact

The vulnerability allowed unauthenticated attackers to execute arbitrary commands on the PRTG core server system with the security context of the PRTG core server service. As of April 2020, over 30,000 PRTG Monitor servers were exposed to the Internet, making this a significant security risk for organizations using affected versions (TEHTRIS Blog).

Mitigation and workarounds

Paessler released version 20.1.57.1745 to patch the vulnerability. For systems that could not be updated immediately, two mitigation options were provided (Paessler KB):

1) Use a web application firewall (WAF) to block or modify HTTP POST and GET requests containing the 'what' parameter.
2) Rename the reporter.exe file in the PRTG installation directory to break the calling chain of the attack vector; note that this disables PDF report generation.
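The two checks a defender would want to automate here are (a) whether an installed PRTG build falls inside the affected 19.2.50 to 20.1.56 range and (b) whether an HTTP request carries the 'what' parameter that the Paessler KB's WAF rule keys on. The following Python is an added example written for this page; it is not Paessler's or Wiz's code. It assumes dotted numeric version strings, a small constructed set of sample requests, and a placeholder endpoint path (the page names no URL); the UNC-like value check (a 'what' value beginning with \\ or //) is an extra indicator chosen here, not part of the KB rule.

```python
"""Triage helpers for CVE-2020-10374 (added example, not vendor code)."""
from urllib.parse import urlsplit, parse_qs

# Affected range and fixed build as stated in the advisory text.
AFFECTED_MIN = (19, 2, 50)
AFFECTED_MAX = (20, 1, 56)
FIXED_VERSION = (20, 1, 57, 1745)


def parse_version(text):
    """Turn '20.1.57.1745' into a comparable tuple of ints."""
    return tuple(int(part) for part in text.strip().split("."))


def is_affected(version):
    """True if the major.minor.build triple lies in 19.2.50 .. 20.1.56.

    A trailing fourth component (the build's sub-number) is ignored, since
    the advisory gives the affected range with three components only.
    """
    triple = parse_version(version)[:3]
    return AFFECTED_MIN <= triple <= AFFECTED_MAX


def triage_request(method, target, body=""):
    """Flag a request the way the KB's WAF rule would.

    has_what: the 'what' parameter is present in the query string (GET)
              or the url-encoded form body (POST).
    unc_like: a 'what' value starts with '\\\\' or '//' (assumption: a cheap
              indicator of the URI-compatible UNC path the advisory mentions).
    """
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if method.upper() == "POST" and body:
        for key, values in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    what_values = params.get("what", [])
    return {
        "has_what": bool(what_values) or "what" in params,
        "unc_like": any(v.startswith(("\\\\", "//")) for v in what_values),
    }


# Constructed sample requests (method, request-target, form body).
# /contactsupport_placeholder stands in for the real form endpoint.
SAMPLE_REQUESTS = [
    ("GET", "/contactsupport_placeholder?what=%5C%5Chost%5Cshare%5Cx", ""),
    ("POST", "/contactsupport_placeholder", "what=//host/share/x&subject=help"),
    ("GET", "/api/table.json?content=sensors", ""),
    ("POST", "/contactsupport_placeholder", "subject=help&message=hi"),
]


def triage_all(requests):
    """Run triage_request over a list of (method, target, body) tuples."""
    return [triage_request(method, target, body) for method, target, body in requests]


if __name__ == "__main__":
    for version in ("19.2.49", "19.2.50", "20.1.56", "20.1.57.1745"):
        print(version, "affected" if is_affected(version) else "not affected")
    for req, verdict in zip(SAMPLE_REQUESTS, triage_all(SAMPLE_REQUESTS)):
        print(req[0], req[1], verdict)
```

In a WAF or reverse proxy the has_what result alone is the blocking condition from the KB; unc_like is only useful for prioritising which blocked requests to look at first, since parse_qs already percent-decodes the value before the prefix check runs.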

Community reactions

Paessler responded promptly to the private disclosure by TEHTRIS, quickly releasing a patch and coordinating with MITRE for CVE assignment. TEHTRIS praised Paessler's immediate response to the vulnerability disclosure (TEHTRIS Blog).

This report was generated using AI.