CVE-2024-12833

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-12833
Paessler PRTG Network Monitor SNMP Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Paessler PRTG Network Monitor. Some user interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the PRTG Network Monitor web interface. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-23371.

6.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://www.zerodayinitiative.com/advisories/ZDI-24-1736/ Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:*
History

18 Feb 2025, 21:39

Type Values Removed Values Added
CPE cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:*
References () https://www.zerodayinitiative.com/advisories/ZDI-24-1736/ - () https://www.zerodayinitiative.com/advisories/ZDI-24-1736/ - Third Party Advisory
First Time Paessler prtg Network Monitor
Paessler
CVSS v2 : unknown
v3 : 8.0 		v2 : unknown
v3 : 6.1
Summary
  • (es) Vulnerabilidad de omisión de autenticación mediante Cross-Site Scripting SNMP en Paessler PRTG Network Monitor. Esta vulnerabilidad permite a los atacantes adyacentes a la red omitir la autenticación en las instalaciones afectadas de Paessler PRTG Network Monitor. Se requiere cierta interacción del usuario por parte de un administrador para explotar esta vulnerabilidad. La falla específica existe dentro de la interfaz web de PRTG Network Monitor. El problema es el resultado de la falta de una validación adecuada de los datos proporcionados por el usuario, lo que puede llevar a la inyección de una secuencia de comandos arbitraria. Un atacante puede aprovechar esta vulnerabilidad para omitir la autenticación en el sistema. Era ZDI-CAN-23371.

11 Feb 2025, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-02-11 20:15

Updated : 2025-02-18 21:39

NVD link : CVE-2024-12833

Mitre link : CVE-2024-12833

CVE.ORG link : CVE-2024-12833

JSON object : View

Products Affected

paessler

  • prtg_network_monitor
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')