CVE-2018-19410 Paessler PRTG Network Monitor Local File Inclusion Vulnerability
CVE-2018-19410 is a critical security vulnerability identified in PRTG Network Monitor versions prior to 18.2.40.1683. This flaw allows remote, unauthenticated attackers to create users with read-write privileges, including administrative rights. The vulnerability arises from improper handling of HTTP requests, enabling attackers to perform a Local File Inclusion (LFI) attack by manipulating the ‘include’ directive in /public/login.htm to execute the /api/addusers file.
What is Vulnerable to CVE-2018-19410
The vulnerability affects PRTG Network Monitor versions earlier than 18.2.40.1683. Organizations utilizing these versions are at risk, as the flaw permits unauthorized creation of users with elevated privileges. It’s imperative for administrators to verify their PRTG installations and ensure they are not running vulnerable versions.
Mitigation and Remediation for CVE-2018-19410
To mitigate the risks associated with CVE-2018-19410, consider the following steps:
Update Software: Upgrade PRTG Network Monitor to version 18.2.40.1683 or later, where this vulnerability has been addressed.
Monitor User Accounts: Regularly audit user accounts for any unauthorized additions or changes.
Implement Access Controls: Enforce strict access controls and authentication mechanisms to prevent unauthorized access.
Network Segmentation: Isolate critical monitoring systems from general network access to minimize potential attack vectors.
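To support the account audit above, web access logs can be searched for requests that pass an 'include' value to /public/login.htm. The following is an added example, not code from this article or from Paessler. It assumes a combined-log-style access log and that the 'include' directive is visible as a URL query parameter; the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Source address and request target from a combined-log-style line (assumed layout).
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

LOGIN_PAGE = "/public/login.htm"  # page named in the advisory
ADDUSERS = "/api/addusers"        # file named in the advisory


def fully_unquote(value, rounds=3):
    """Percent-decode repeatedly so double encoding (%252F) cannot hide a path."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(lines):
    """Return (source, severity, target) for login-page requests carrying 'include'."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        parts = urlsplit(m.group("target"))
        if fully_unquote(parts.path).lower() != LOGIN_PAGE:
            continue
        # Only URL parameters are visible here; POST bodies need proxy or WAF logs.
        params = {k.lower(): fully_unquote(v).lower()
                  for k, v in parse_qsl(parts.query, keep_blank_values=True)}
        if "include" not in params:
            continue
        severity = "high" if ADDUSERS in params["include"] else "review"
        findings.append((m.group("src"), severity, m.group("target")))
    return findings


# Constructed sample lines (not taken from a real PRTG log).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /public/login.htm HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /public/login.htm?include=%2Fapi%2Faddusers HTTP/1.1" 200 310',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /public/login.htm?Include=%252fapi%252fAddUsers HTTP/1.1" 200 310',
    '203.0.113.4 - - [01/Jan/2024:10:01:00 +0000] "GET /public/login.htm?include=other.htm HTTP/1.1" 200 900',
    '192.0.2.10 - - [01/Jan/2024:10:02:00 +0000] "GET /index.htm?include=x HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for src, severity, target in scan(SAMPLE):
        print(f"{severity:6} {src:15} {target}")
```

Any "high" finding on a host that ran a version earlier than 18.2.40.1683 should be followed by a review of the PRTG user list for accounts created around the time of the request.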
Impact of Successful Exploitation of CVE-2018-19410
Exploiting CVE-2018-19410 can have severe consequences, including:
Unauthorized Access: Attackers can gain administrative privileges without authentication.
Data Compromise: With administrative access, attackers can view, modify, or delete sensitive monitoring data.
System Control: Attackers may alter system configurations, disable monitoring alerts, or use the compromised system as a pivot point for further attacks.
Given the critical nature of this vulnerability, immediate action is essential to protect organizational assets.
Proof of Concept for CVE-2018-19410
A proof of concept (PoC) demonstrating the exploitation of CVE-2018-19410 is available. The PoC illustrates how an attacker can craft an HTTP request to include and execute the /api/addusers file, thereby creating a new user with administrative privileges.
Administrators and security professionals are advised to review this PoC to understand the exploitation mechanics and to test their systems for susceptibility. However, such testing should only be conducted in controlled environments to prevent unintended consequences.
For a detailed analysis and technical breakdown of the exploit, refer to the article “Building an exploit for CVE-2018-19410” by Quan Doan.
By staying informed and proactive, organizations can effectively defend against threats posed by vulnerabilities like CVE-2018-19410.