CVE-2024-12833 – Paessler PRTG Network Monitor SNMP Cross-Site Scripting Authentication Bypass Vulnerability
The following table lists the changes that have been made to the CVE-2024-12833 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.
-
New CVE Received by [email protected]
Feb. 11, 2025
Action Type Old Value New Value Added Description Paessler PRTG Network Monitor SNMP Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Paessler PRTG Network Monitor. Some user interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the PRTG Network Monitor web interface. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-23371. Added CVSS V3 AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Added CWE CWE-79 Added Reference https://www.zerodayinitiative.com/advisories/ZDI-24-1736/