CVE-2023-32782: 
PRTG Network Monitor vulnerability analysis and mitigation

A command injection vulnerability was identified in PRTG Network Monitor version 23.2.84.1566 and earlier versions, specifically in the Dicom C-ECHO sensor. The vulnerability allows an authenticated user with write permissions to abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The vulnerability was discovered and disclosed in August 2023, affecting the PRTG Network Monitor software (NVD, Paessler KB).

The vulnerability is classified as a command injection vulnerability (CWE-77) that allows authenticated users with write permissions to exploit the debug option in the Dicom C-ECHO sensor. The severity of this vulnerability is rated as HIGH with a CVSS v3.1 base score of 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). The attack requires network access and high privileges but no user interaction, and can potentially affect the confidentiality, integrity, and availability of the system (NVD).

If successfully exploited, the vulnerability allows attackers to write new files that could be executed by the EXE/Script sensor, potentially leading to arbitrary code execution with system privileges. This could result in complete compromise of the affected system's confidentiality, integrity, and availability (NVD).

The vulnerability has been fixed in PRTG Network Monitor version 23.3.86.1520. Users are recommended to update to this version or later through the Auto-Update feature to maintain the highest level of security. No alternative workarounds have been published (Paessler KB).