No security patch in sight: Paessler PRTG Network Monitor vulnerable to attack

The Paessler PRTG network monitoring software is vulnerable. It is not yet known when the manufacturer will secure the software.


If admins use Paessler PRTG Network Monitor to monitor networks, systems are vulnerable due to a security gap that has not yet been closed. If attacks are successful, attackers can bypass authentication and gain unauthorized access to computers.

The vulnerability (CVE-2024-12833, rated "high") in the web interface was discovered by security researchers from Trend Micro's Zero Day Initiative. In a report, the researchers state that they informed the software manufacturer about the vulnerability back in March 2024. However, despite repeated reminders, no security patch has yet been released. The answer to an inquiry from heise Security is still pending.

If attackers have network access, they can use the vulnerability to bypass authentication because user input is not sufficiently checked. According to the researchers, however, this requires "a certain amount of user interaction on the part of an administrator". It remains unclear how such an attack could work in detail.

It is also unknown whether attacks are already taking place and how administrators can recognize successfully attacked systems.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.