Arbitrary file upload in Paessler Prtg_network_monitor

CVE-2019-11074

A Write to Arbitrary Location in Disk vulnerability exists in PRTG Network Monitor 19.1.49 and below that allows attackers to place files in arbitrary locations with SYSTEM privileges (although not controlling the contents of such files) d…

Vulnerability class: Unrestricted File Upload

EPSS: 0.045 (90.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

  • cve@mitre.org (x_refsource_MISC, Release Notes, Vendor Advisory)
  • cve@mitre.org (Exploit, Third Party Advisory, x_refsource_MISC)
  • cve@mitre.org (Third Party Advisory, x_refsource_MISC, Release Notes)

Frequently asked questions

What is CVE-2019-11074?
CVE-2019-11074 is a high-severity vulnerability in Paessler Prtg_network_monitor, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 7.2/10. Published 2020-03-17.
How severe is CVE-2019-11074?
High severity. CVSS v3 base score is 7.2 out of 10.