https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520

https://www.paessler.com/prtg/history/prtg-23#23.3.86.1520

https://www.paessler.com/prtg/history/stable

https://www.paessler.com/prtg/history/prtg-23#23.3.86.1520 [No Types Assigned]

An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. The NetApp Volume Sensor transmits cleartext credentials over the network when the HTTP protocol is selected. This can be triggered remotely via a CSRF by simply sending a controls/addsensor3.htm link to a logged-in victim.

A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. This could force PRTG to execute different actions, such as creating new users. The severity of this vulnerability is high and received a score of 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

NIST AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

NIST AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

NIST AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

NIST CWE-352

OR
     *cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:* versions up to (excluding) 23.3.86.1520

https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520 No Types Assigned

https://kb.paessler.com/en/topic/91845-multiple-vulnerabilites-fixed-in-paessler-prtg-network-monitor-23-3-86-1520 Vendor Advisory

https://www.paessler.com/prtg/history/stable No Types Assigned

https://www.paessler.com/prtg/history/stable Release Notes