External risk intelligence

PRTG Network Monitor: Unauthenticated User Creation Risk.

CVE advisory | Known exploit

CVE-2018-19410

A vulnerability in PRTG Network Monitor permits unauthenticated attackers to create administrator accounts, potentially leading to unauthorized access and system compromise. Organizations face risks to data integrity and control over monitored environments.

Halo Surface Signal score: 4

Affected product: Paessler PRTG Network Monitor, versions before 18.2.40.1683

External exposure likelihood

Halo Surface Signal score for CVE-2018-19410

PRTG Network Monitor is a centralized infrastructure monitoring server with a web-based management interface. Because that interface is what administrators use to view distributed environments, it is frequently reachable from outside the local network, and internet-facing instances are a common deployment pattern rather than an anomaly. The vulnerable code path is in the web interface itself and requires no credentials, so any instance whose web interface is reachable by an attacker is exposed.

Horizon Alert

Summary of the vulnerability and why it matters

PRTG Network Monitor before 18.2.40.1683 allows a remote, unauthenticated attacker to create a new user account with read-write privileges, including administrator rights. Because PRTG holds credentials for and has visibility into the devices it monitors, an attacker-controlled administrator account can compromise the integrity of monitoring data and the control of the monitored environment.

  • Vulnerable: PRTG Network Monitor
  • Flaw: Allows unauthenticated user creation
  • Impact: Unauthorized administrative access

Attack Path

How an attacker could exploit the issue

A remote, unauthenticated attacker can gain administrative access to PRTG Network Monitor with a single crafted HTTP request to the web interface. The request abuses a local file inclusion flaw to reach internal user-management functionality that should only be available to an authenticated administrator, so the attacker can have the server create a new account with full read-write privileges. No credentials, user interaction, or prior foothold is needed. With that account the attacker can read sensitive monitoring data, change monitoring configurations, and use the server as a pivot point into the monitored network.

  • The PRTG web interface is reachable by the attacker.
  • The attacker sends one crafted HTTP request to the web interface.
  • The server creates a read-write (administrator) user under the attacker's control.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability lets unauthenticated attackers gain administrative access to the affected system by exploiting a local file inclusion flaw in the web interface: a crafted HTTP request causes the server to create a new user account with full read-write privileges. The attack is a single request with no authentication, which is why the skill level below is rated low. Successful exploitation leads to unauthorized data access, modification of monitoring configurations, or complete compromise of the monitoring server.

  • Likely attacker skill level: Low
  • Required access or conditions: Network access
  • Business risk or urgency: Critical

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability allows unauthenticated attackers to create administrator accounts by exploiting a local file inclusion flaw in the PRTG Network Monitor web interface, giving them unauthorized access to and control over the monitoring system. The risk is amplified because exploitation has been observed in the wild and the flaw is rated highly exploitable. Updating to 18.2.40.1683 or later is the fix; the remaining steps limit exposure until the update is applied and detect exploitation that may already have happened.

  • Find all PRTG Network Monitor instances, including test and branch-office servers, and record their build numbers.
  • Until patched, restrict access to the PRTG web interface to trusted networks (VPN or management network) rather than the internet; fully isolating a monitoring server is rarely practical, but its web interface should not be publicly reachable.
  • Update PRTG Network Monitor to 18.2.40.1683 or later and verify the running build number after the update.
  • Audit PRTG user accounts and group memberships for administrators that were not created by your team, and review the web server logs for the crafted request pattern; treat an unexpected administrator as an indicator of compromise, not just a cleanup item.
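The two checks below, the version comparison for the "update and verify" step and the log review for the "monitor logs" step, are an added example and not code from Paessler or from this advisory. The fixed build 18.2.40.1683 comes from the advisory. The request shape it looks for (a request to /public/login.htm whose `include` parameter is pointed at /api/addusers.htm with `id` and `users` parameters) comes from the public CVE-2018-19410 description; the log lines are constructed for the example in a generic access-log shape, and PRTG's own web server log format may differ, so adapt the request regex to what your instance writes. Version comparison is done numerically because a lexical compare of build strings gets cases like 18.2.9.x wrong.

```python
"""Triage helpers for CVE-2018-19410 in PRTG Network Monitor (added example, not vendor code)."""
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

# First fixed build, per the advisory: anything numerically below this is vulnerable.
FIXED_BUILD = (18, 2, 40, 1683)


def parse_build(version: str) -> Tuple[int, ...]:
    """Extract a four-part PRTG build number, e.g. 'PRTG Network Monitor 18.2.39.1661'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"no PRTG build number in {version!r}")
    return tuple(int(g) for g in m.groups())


def is_vulnerable_version(version: str) -> bool:
    """True when the build predates 18.2.40.1683. Tuple comparison, not string comparison:
    lexically '18.2.9.1000' sorts after '18.2.40.1683' and would be misreported as fixed."""
    return parse_build(version) < FIXED_BUILD


# Request line inside a quoted access-log field: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def classify_request(target: str) -> Optional[str]:
    """Label one request target. Only /public/login.htm with an `include` override is of interest:
    include pointed at addusers.htm is the CVE-2018-19410 user-creation shape; any other include
    override on the login page is unexpected and worth a look."""
    parts = urlsplit(target)
    if parts.path.lower() != "/public/login.htm":
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)
    # parse_qs already percent-decodes; unquote again to catch double-encoded values.
    includes = [unquote(v).lower() for v in qs.get("include", [])]
    if any("addusers.htm" in v for v in includes):
        users = ",".join(qs.get("users", ["?"]))
        return f"CVE-2018-19410 user-creation attempt (users={users})"
    if includes:
        return "login.htm include override (inspect)"
    return None


def find_lfi_attempts(log_text: str) -> List[Tuple[int, str, str]]:
    """Scan access-log text; return (line number, source address, finding) for each hit."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        label = classify_request(m.group("target"))
        if label:
            findings.append((lineno, line.split(" ", 1)[0], label))
    return findings


# Constructed sample log (not real PRTG output): two attack requests, one plain and one
# percent-encoded with shuffled parameters, among benign login-page traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [23/Nov/2018:10:01:12 +0000] "GET /index.htm HTTP/1.1" 200 5120
203.0.113.7 - - [23/Nov/2018:10:01:15 +0000] "GET /public/login.htm?id=200&users=backdoor&include=/api/addusers.htm HTTP/1.1" 200 812
198.51.100.9 - - [23/Nov/2018:10:02:40 +0000] "GET /public/login.htm?include=%2Fapi%2Faddusers.htm&users=svc&id=200 HTTP/1.1" 200 812
192.0.2.4 - - [23/Nov/2018:10:03:01 +0000] "GET /public/login.htm?loginurl=%2Fwelcome.htm HTTP/1.1" 200 4090
192.0.2.4 - - [23/Nov/2018:10:03:30 +0000] "GET /public/login.htm?include=%2Fwelcome.htm HTTP/1.1" 200 4090
"""

if __name__ == "__main__":
    for banner in ("PRTG Network Monitor 18.2.39.1661", "18.2.40.1683", "18.2.9.1000"):
        print(f"{banner}: {'VULNERABLE' if is_vulnerable_version(banner) else 'fixed'}")
    for lineno, src, label in find_lfi_attempts(SAMPLE_LOG):
        print(f"line {lineno} from {src}: {label}")
```

Run the log scan over the whole retention window, not just recent days: the attack is a single request, and an account created months ago will not show up in current traffic. Any hit should be followed by a review of the PRTG user list for the named account and for other unexpected administrators.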

Frequently asked questions

What is PRTG Network Monitor?

PRTG Network Monitor is a tool used to monitor network infrastructure, providing visibility into network assets and their performance. It helps organizations manage and maintain their network environments.

How does CVE-2018-19410 allow unauthorized access?

CVE-2018-19410 is a local file inclusion vulnerability. Attackers can send a specially crafted HTTP request to create new user accounts with administrator privileges, bypassing normal authentication processes.

What are the attacker's preconditions to exploit this flaw?

An attacker needs network access to send a crafted HTTP request to the PRTG Network Monitor. No prior authentication or special access is required for an unauthenticated user to trigger this vulnerability.

Who should care about this PRTG Network Monitor vulnerability?

Organizations with PRTG Network Monitor deployed, especially those with internet-facing instances, should care. This is because the product is often exposed to the network, making it a potential target for unauthorized access to critical monitoring data.

What is the first step to respond to this threat?

The first step is to identify all PRTG Network Monitor instances within your organization and record their build numbers. Any instance below 18.2.40.1683 must be updated to 18.2.40.1683 or later; until then, its web interface should not be reachable from the internet. Because exploitation leaves behind a working administrator account, also check each instance's user list for accounts you did not create.
