Published: 05/04/2020 Updated: 07/04/2020

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

PRTG Network Monitor prior to 20.1.57.1745 allows remote unauthenticated malicious users to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm.

Vulnerable Product	Search on Vulmon	Subscribe to Product
paessler prtg network monitor

PRTG-Network-Monitor-Information-Disclosure - CVE-2020-11547 Remote unauthenticated user can craft an HTTP request in /public/loginhtm or /indexhtm by providing the 'type' parameter Example: 127001/public/loginhtm?type=probes replace probes by any of the following to get diferent info version cpuload dnsname serverhttpurl windowsversion systemid treesta

CWE-200 https://github.com/ch-rigu/PRTG-Network-Monitor-Information-Disclosure https://nvd.nist.gov https://github.com/ch-rigu/PRTG-Network-Monitor-Information-Disclosure

CVE-2020-11547

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect