CVE-2019-11073

high

Description

A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization when passing arguments to the HttpTransactionSensor.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Transaction Sensor and set specific settings when the sensor is executed.

References

https://www.paessler.com/prtg/history/stable

https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/11/warnmeldung_cb-k19-1019.html

https://sensepost.com/blog/2019/being-stubborn-pays-off-pt.-1-cve-2018-19204/

Details

Source: Mitre, NVD

Published: 2020-03-16

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.2

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.08