CVE-2020-11547: 
PRTG Network Monitor vulnerability analysis and mitigation

PRTG Network Monitor before version 20.1.57.1745 contains an information disclosure vulnerability identified as CVE-2020-11547. The vulnerability allows remote unauthenticated attackers to obtain sensitive information about probes running or the server itself, including CPU usage, memory, Windows version, and internal statistics through crafted HTTP requests (MITRE, NVD).

The vulnerability can be exploited by sending HTTP requests to login.htm or index.htm endpoints with the 'type=probes' parameter. Attackers can access various system information by modifying the type parameter to access different data points such as version, cpuload, dnsname, serverhttpurl, windowsversion, systemid, treestat, memory, requests, screenshot, lastsync, probes, and warnings (GitHub POC).

The successful exploitation of this vulnerability allows unauthorized access to sensitive system information, including CPU usage, memory statistics, Windows version details, and internal system statistics. This information could be valuable for attackers in planning further targeted attacks against the affected system (NVD).

The vulnerability is fixed in PRTG Network Monitor version 20.1.57.1745 and later. Users should upgrade to the latest version to mitigate this security issue (MITRE).