CVE-2019-19119
MEDIUM severity · CVSS 5.5 · CWE-522
5.5CVSS MEDIUM
Summary
An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficient access control on local registry keys for the Core Server Service, a non-administrative user on the local machine is able to access administrative credentials.
Impact & exploitability
Attack vectorLocal
Attack complexityLow
Privileges requiredLow
User interactionNone
Confidentiality impactHigh
Integrity impactNone
Availability impactNone
Exploit probability (EPSS)0%
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Additional information
- NVD record
- https://blog.paessler.comAdvisory
- https://blog.paessler.com/prtg-release-19.4.54-includes-2-brand-new-sensors-for-disk-and-storageAdvisory
- https://www.paessler.com/prtg/history/previewAdvisory
- https://www.ptsecurity.com/ww-en/about/news/positive-technologies-helps-in-eliminating-vulnerability-in-software-for-monitoring-visualizing-and-controlling-conditions-of-it-infrastructure/Advisory