Paessler PRTG Network Monitor OS Command Injection Vulnerability
Project:Paessler
Product:PRTG Network Monitor
Date Added:2025-02-04Due Date::2025-02-25
Vulnerability Name
Paessler PRTG Network Monitor OS Command Injection Vulnerability
Description
Paessler PRTG Network Monitor contains an OS command injection vulnerability that allows an attacker with administrative privileges to execute commands via the PRTG System Administrator web console.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://www.paessler.com/prtg/history/prtg-18#18.2.39
https://nvd.nist.gov/vuln/detail/CVE-2018-9276
Related News Articles
CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacksFebruary 6, 2025
CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25February 5, 2025