Vulnerability Details : CVE-2019-19119
An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficient access control on local registry keys for the Core Server Service, a non-administrative user on the local machine is able to access administrative credentials.
Products affected by CVE-2019-19119
- Paessler » Prtg Network MonitorVersions from including (>=) 7.0 and up to, including, (<=) 19.4.53.cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-19119
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 15 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-19119
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST | |
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2019-19119
-
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-19119
-
https://www.paessler.com/prtg/history/preview
Paessler AG - Version HistoryVendor Advisory
-
https://blog.paessler.com/prtg-release-19.4.54-includes-2-brand-new-sensors-for-disk-and-storage
PRTG Release 19.4.54 includes two brand-new sensors for disk and storageVendor Advisory
-
https://www.ptsecurity.com/ww-en/about/news/positive-technologies-helps-in-eliminating-vulnerability-in-software-for-monitoring-visualizing-and-controlling-conditions-of-it-infrastructure/
Positive Technologies helps in eliminating vulnerability in PRTG Network MonitorThird Party Advisory
-
https://blog.paessler.com
Paessler Blog - All about IT, Monitoring, and PRTGVendor Advisory
Jump to