CVE-2023-31452: 
PRTG Network Monitor vulnerability analysis and mitigation

A cross-site request forgery (CSRF) token bypass vulnerability was identified in PRTG Network Monitor version 23.2.84.1566 and earlier versions. This vulnerability allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. The vulnerability could enable attackers to force PRTG to execute different actions, such as creating new users (NVD, Paessler KB).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability allows attackers to bypass CSRF token protection mechanisms, which are designed to prevent unauthorized actions through cross-site request forgery attacks. The attack requires user interaction, as the victim must have an active session and be induced to trigger the malicious request (NVD).

The successful exploitation of this vulnerability could allow attackers to perform unauthorized actions with the permissions of the victim user. This includes the ability to execute different actions within PRTG, with one of the most critical being the creation of new user accounts. The high CVSS score reflects the significant potential impact on confidentiality, integrity, and availability of the system (Paessler KB).

The vulnerability has been fixed in PRTG Network Monitor version 23.3.86.1520. Users are strongly recommended to update to this version or later to address the vulnerability. The update can be performed via the Auto-Update feature in the PRTG web interface under Setup | Auto Update (Paessler KB).