CVE-2020-11547

MEDIUM severity · CVSS 5.3 · Missing authentication

5.3CVSS MEDIUM

Summary

PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm.

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges requiredNone

User interactionNone

Confidentiality impactLow

Integrity impactNone

Availability impactNone

Exploit probability (EPSS)91%

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products we track (1)

PRTG Network Monitor

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information

NVD record
https://github.com/ch-rigu/PRTG-Network-Monitor-Information-Disclosure
https://github.com/ch-rigu/PRTG-Network-Monitor-Information-Disclosure