
CVE-2018-19411 Explained: Impact and Mitigation

Learn about CVE-2018-19411, where an authenticated user in PRTG Network Monitor can escalate privileges by creating a new user with read-write access. Find out the impact, affected versions, and mitigation steps.

In versions prior to 18.2.40.1683, an authenticated user with a read-only account can exploit PRTG Network Monitor by creating a new user with read-write privileges (including administrator access) using an HTTP request. This vulnerability occurs due to the lack of proper user rights verification in the /api/addusers endpoint.

Understanding CVE-2018-19411

PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including administrator) via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights.

What is CVE-2018-19411?

        An authenticated user with a read-only account can create a new user with read-write privileges, including administrator access, through an HTTP request in PRTG Network Monitor.

The Impact of CVE-2018-19411

        An attacker could exploit this vulnerability to escalate their privileges within the system, potentially gaining unauthorized access to sensitive information or performing malicious actions.

Technical Details of CVE-2018-19411

PRTG Network Monitor before version 18.2.40.1683 is affected by this vulnerability.

Vulnerability Description

        Lack of proper user rights verification in the /api/addusers endpoint allows an authenticated user to create a new user with elevated privileges.

Affected Systems and Versions

        PRTG Network Monitor versions prior to 18.2.40.1683 are affected by this vulnerability.

Exploitation Mechanism

        Exploitation involves an authenticated user with a read-only account creating a new user with escalated privileges through an HTTP request.

Mitigation and Prevention

It is crucial to take immediate steps to address and prevent the exploitation of CVE-2018-19411.

Immediate Steps to Take

        Upgrade PRTG Network Monitor to version 18.2.40.1683 or later to mitigate this vulnerability.
        Monitor user account creation and privilege changes for suspicious activities.
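
The two steps above can be sketched as a version check plus a log review. This is an added example, not code from the original page or from the vendor; the log layout, the user names and the admin allow-list are constructed assumptions, so adapt the regular expression to the web server or reverse-proxy logs you actually collect.

```python
import re

FIXED_VERSION = (18, 2, 40, 1683)  # first fixed release named on this page

# Assumed log layout (constructed for this example, not PRTG's native format):
#   <timestamp> <client-ip> <authenticated-user> "<METHOD> <path> HTTP/x.y" <status>
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) (?P<user>\S+) '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})$'
)

def is_vulnerable(version: str) -> bool:
    """True if a dotted PRTG version string is older than the fixed release."""
    parts = tuple(int(p) for p in version.strip().split("."))
    return parts < FIXED_VERSION

def suspicious_addusers(lines, admin_users):
    """Return parsed entries for /api/addusers requests made by non-admin accounts."""
    admins = {u.lower() for u in admin_users}
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        # Assumption: paths are compared case-insensitively, ignoring query and trailing slash.
        path = m["path"].split("?", 1)[0].rstrip("/").lower()
        if path == "/api/addusers" and m["user"].lower() not in admins:
            hits.append(m.groupdict())
    return hits

# Constructed sample log lines (hypothetical users, documentation IP ranges).
SAMPLE_LOG = [
    '2018-11-20T09:14:02Z 192.0.2.10 prtgadmin "POST /api/addusers HTTP/1.1" 200',
    '2018-11-20T09:15:40Z 192.0.2.44 viewer01 "GET /index.htm HTTP/1.1" 200',
    '2018-11-20T09:16:05Z 192.0.2.44 viewer01 "POST /api/addusers HTTP/1.1" 200',
    '2018-11-20T09:17:31Z 198.51.100.7 viewer02 "GET /API/AddUsers/ HTTP/1.1" 302',
]

if __name__ == "__main__":
    print("18.1.37.1234 vulnerable:", is_vulnerable("18.1.37.1234"))
    for hit in suspicious_addusers(SAMPLE_LOG, admin_users={"prtgadmin"}):
        print("REVIEW:", hit["ts"], hit["user"], hit["ip"], hit["status"])
```

Any hit from an account that should be read-only is worth correlating with the current user list, since on an unpatched server such a request may have created a new read-write or administrator account.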

Long-Term Security Practices

        Regularly review and update user access rights and permissions to enforce the principle of least privilege.
        Conduct security training for users to raise awareness about the risks of unauthorized privilege escalation.

Patching and Updates

        Stay informed about security updates and patches released by the vendor to address known vulnerabilities and enhance system security.
