CVE-2019-11073 (GCVE-0-2019-11073)
Vulnerability from cvelistv5
Published
2020-03-16 18:41
Modified
2024-08-04 22:40
Severity ?
CWE
  • n/a
Summary
A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransactionSensor.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Transaction Sensor and set specific settings when the sensor is executed.
References
cve@mitre.orghttps://sensepost.com/blog/2019/being-stubborn-pays-off-pt.-1-cve-2018-19204/Exploit, Third Party Advisory
cve@mitre.orghttps://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/11/warnmeldung_cb-k19-1019.htmlThird Party Advisory
cve@mitre.orghttps://www.paessler.com/prtg/history/stableRelease Notes
af854a3a-2127-422b-91ae-364da2661108https://sensepost.com/blog/2019/being-stubborn-pays-off-pt.-1-cve-2018-19204/Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/11/warnmeldung_cb-k19-1019.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.paessler.com/prtg/history/stableRelease Notes
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:40:16.289Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.paessler.com/prtg/history/stable"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sensepost.com/blog/2019/being-stubborn-pays-off-pt.-1-cve-2018-19204/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/11/warnmeldung_cb-k19-1019.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransactionSensor.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Transaction Sensor and set specific settings when the sensor is executed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-16T18:41:58",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.paessler.com/prtg/history/stable"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sensepost.com/blog/2019/being-stubborn-pays-off-pt.-1-cve-2018-19204/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/11/warnmeldung_cb-k19-1019.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-11073",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransactionSensor.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Transaction Sensor and set specific settings when the sensor is executed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.paessler.com/prtg/history/stable",
              "refsource": "MISC",
              "url": "https://www.paessler.com/prtg/history/stable"
            },
            {
              "name": "https://sensepost.com/blog/2019/being-stubborn-pays-off-pt.-1-cve-2018-19204/",
              "refsource": "MISC",
              "url": "https://sensepost.com/blog/2019/being-stubborn-pays-off-pt.-1-cve-2018-19204/"
            },
            {
              "name": "https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/11/warnmeldung_cb-k19-1019.html",
              "refsource": "MISC",
              "url": "https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/11/warnmeldung_cb-k19-1019.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-11073",
    "datePublished": "2020-03-16T18:41:58",
    "dateReserved": "2019-04-10T00:00:00",
    "dateUpdated": "2024-08-04T22:40:16.289Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-11073\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-03-16T19:15:11.350\",\"lastModified\":\"2024-11-21T04:20:29.253\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransactionSensor.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Transaction Sensor and set specific settings when the sensor is executed.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en PRTG Network Monitor versiones anteriores a 19.4.54.1506, que permite a atacantes ejecutar c\u00f3digo debido a un saneamiento insuficiente cuando se pasan argumentos al binario HttpTransactionSensor.exe. A fin de explotar la vulnerabilidad, los administradores autenticados remotos necesitan crear un nuevo HTTP Transaction Sensor y establecer configuraciones espec\u00edficas cuando se ejecuta el sensor.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-74\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"19.4.54.1506\",\"matchCriteriaId\":\"621BCC52-2254-44DE-BB17-7F5E39216440\"}]}]}],\"references\":[{\"url\":\"https://sensepost.com/blog/2019/being-stubborn-pays-off-pt.-1-cve-2018-19204/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/11/warnmeldung_cb-k19-1019.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.paessler.com/prtg/history/stable\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://sensepost.com/blog/2019/being-stubborn-pays-off-pt.-1-cve-2018-19204/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/11/warnmeldung_cb-k19-1019.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.paessler.com/prtg/history/stable\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.