cnvd - cnvd-2020-23404

CNVD-2020-23404

Vulnerability from cnvd - Published: 2020-04-17

Title

Paessler PRTG Network Monitor信息泄露漏洞

Description

Paessler PRTG Network Monitor是德国Paessler公司的一款全功能网络监控管理软件。 Paessler PRTG Network Monitor 20.1.57.1??745之前版本中存在安全漏洞。远程攻击者可借助HTTP请求利用该漏洞获取有关正在运行的探针或服务器本身的信息（CPU使用率，内存，Windows版本和内部统计信息）。

Severity

中

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法：

https://www.paessler.com/

Impacted products

Name
Paessler PRTG Network Monitor <20.1.57.1??745

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-11547"
    }
  },
  "description": "Paessler PRTG Network Monitor\u662f\u5fb7\u56fdPaessler\u516c\u53f8\u7684\u4e00\u6b3e\u5168\u529f\u80fd\u7f51\u7edc\u76d1\u63a7\u7ba1\u7406\u8f6f\u4ef6\u3002\n\nPaessler PRTG Network Monitor 20.1.57.1??745\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9HTTP\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u6709\u5173\u6b63\u5728\u8fd0\u884c\u7684\u63a2\u9488\u6216\u670d\u52a1\u5668\u672c\u8eab\u7684\u4fe1\u606f\uff08CPU\u4f7f\u7528\u7387\uff0c\u5185\u5b58\uff0cWindows\u7248\u672c\u548c\u5185\u90e8\u7edf\u8ba1\u4fe1\u606f\uff09\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\n\r\nhttps://www.paessler.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-23404",
  "openTime": "2020-04-17",
  "products": {
    "product": "Paessler PRTG Network Monitor \u003c20.1.57.1??745"
  },
  "serverity": "\u4e2d",
  "submitTime": "2020-04-07",
  "title": "Paessler PRTG Network Monitor\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2020-11547 (GCVE-0-2020-11547)

Vulnerability from cvelistv5 – Published: 2020-04-04 23:23 – Updated: 2024-08-04 11:35

Summary

PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

https://github.com/ch-rigu/PRTG-Network-Monitor-I…

x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:35:12.989Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/ch-rigu/PRTG-Network-Monitor-Information-Disclosure"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-04T23:23:04",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ch-rigu/PRTG-Network-Monitor-Information-Disclosure"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-11547",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/ch-rigu/PRTG-Network-Monitor-Information-Disclosure",
              "refsource": "MISC",
              "url": "https://github.com/ch-rigu/PRTG-Network-Monitor-Information-Disclosure"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-11547",
    "datePublished": "2020-04-04T23:23:04",
    "dateReserved": "2020-04-04T00:00:00",
    "dateUpdated": "2024-08-04T11:35:12.989Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-23404

CVE-2020-11547 (GCVE-0-2020-11547)

Tags

Sightings

Nomenclature