cnvd - cnvd-2020-23404

cnvd-2020-23404

Vulnerability from cnvd

Title: Paessler PRTG Network Monitor信息泄露漏洞

Description:

Paessler PRTG Network Monitor是德国Paessler公司的一款全功能网络监控管理软件。

Paessler PRTG Network Monitor 20.1.57.1??745之前版本中存在安全漏洞。远程攻击者可借助HTTP请求利用该漏洞获取有关正在运行的探针或服务器本身的信息（CPU使用率，内存，Windows版本和内部统计信息）。

Severity: 中

Formal description:

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法：

https://www.paessler.com/

Impacted products

Name
Paessler PRTG Network Monitor <20.1.57.1??745

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-11547"
    }
  },
  "description": "Paessler PRTG Network Monitor\u662f\u5fb7\u56fdPaessler\u516c\u53f8\u7684\u4e00\u6b3e\u5168\u529f\u80fd\u7f51\u7edc\u76d1\u63a7\u7ba1\u7406\u8f6f\u4ef6\u3002\n\nPaessler PRTG Network Monitor 20.1.57.1??745\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9HTTP\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6709\u5173\u6b63\u5728\u8fd0\u884c\u7684\u63a2\u9488\u6216\u670d\u52a1\u5668\u672c\u8eab\u7684\u4fe1\u606f\uff08CPU\u4f7f\u7528\u7387\uff0c\u5185\u5b58\uff0cWindows\u7248\u672c\u548c\u5185\u90e8\u7edf\u8ba1\u4fe1\u606f\uff09\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\n\r\nhttps://www.paessler.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-23404",
  "openTime": "2020-04-17",
  "products": {
    "product": "Paessler PRTG Network Monitor \u003c20.1.57.1??745"
  },
  "serverity": "\u4e2d",
  "submitTime": "2020-04-07",
  "title": "Paessler PRTG Network Monitor\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2020-11547 (GCVE-0-2020-11547)

Vulnerability from cvelistv5

Published

2020-04-04 23:23

Modified

2024-08-04 11:35

Severity ?

CWE

Summary

PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm.

References

▼	URL	Tags
	https://github.com/ch-rigu/PRTG-Network-Monitor-Information-Disclosure	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:35:12.989Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/ch-rigu/PRTG-Network-Monitor-Information-Disclosure"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-04T23:23:04",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ch-rigu/PRTG-Network-Monitor-Information-Disclosure"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-11547",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/ch-rigu/PRTG-Network-Monitor-Information-Disclosure",
              "refsource": "MISC",
              "url": "https://github.com/ch-rigu/PRTG-Network-Monitor-Information-Disclosure"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-11547",
    "datePublished": "2020-04-04T23:23:04",
    "dateReserved": "2020-04-04T00:00:00",
    "dateUpdated": "2024-08-04T11:35:12.989Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted