CVE-2023-51630: 
PRTG Network Monitor vulnerability analysis and mitigation

Paessler PRTG Network Monitor was found to contain a Cross-Site Scripting Authentication Bypass Vulnerability (CVE-2023-51630). The vulnerability was discovered on June 15, 2023, and publicly disclosed on January 15, 2024. This security flaw affects installations of Paessler PRTG Network Monitor versions prior to 24.1.90.1306. The vulnerability requires user interaction, specifically requiring the target to visit a malicious page or open a malicious file (Zero Day Initiative).

The vulnerability exists within the web console of PRTG Network Monitor and stems from insufficient validation of user-supplied data. This improper validation can lead to the injection of arbitrary scripts, classified as CWE-79 (Cross-site Scripting). The vulnerability has received varying CVSS scores: a CVSS v3.1 Base Score of 6.1 (Medium) from NIST with vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, and a CVSS v3.0 Base Score of 8.8 (High) from Zero Day Initiative with vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

If successfully exploited, this vulnerability allows attackers to bypass authentication on the affected system. The attack can potentially lead to unauthorized access to the PRTG Network Monitor system, compromising the confidentiality and integrity of the monitored network infrastructure (Zero Day Initiative).

The vulnerability has been fixed in PRTG version 24.1.90.1306. Organizations using affected versions of PRTG Network Monitor should upgrade to the patched version to mitigate this security risk (Zero Day Initiative).