CyberSec.Space Logo
Back to CVE Browser

CVE-2018-19411

HIGH
8.8
CVSS Severity Score
EPSS Score0.0680%
EPSS Percentile41.73th
PublishedNov 21, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights.

Affected Platforms (CPE)

📦
Paessler

Prtg Network Monitor

< 18.2.40.1683

References & Advisories

🔗 https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2018-25/
🔗 https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2018-25/

Related Vulnerabilities

CVE-2020-103749.8

A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution via...

CVE-2018-194109.8

PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (inclu...

CVE-2018-192048.8

PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker (with read-write privileges) to execute arbitrary ...

CVE-2018-192037.5

PRTG Network Monitor before 18.2.41.1652 allows remote unauthenticated attackers to terminate the PRTG Core Server Service via a s...