CVE-2024-12833: 
PRTG Network Monitor vulnerability analysis and mitigation

A critical vulnerability (CVE-2024-12833) was discovered in Paessler PRTG Network Monitor's web interface. The vulnerability allows network-adjacent attackers to bypass authentication through a cross-site scripting attack. The issue was initially reported to the vendor on March 13, 2024, and was publicly disclosed on December 30, 2024. The vulnerability affects the PRTG Network Monitor software and has been assigned a CVSS score of 8.0 (ZDI Advisory).

The vulnerability stems from inadequate validation of user-supplied data in the PRTG Network Monitor web interface, specifically related to SNMP functionality. This flaw enables the injection of arbitrary scripts, which can be leveraged to bypass authentication mechanisms. The vulnerability has been assigned a CVSS score of 8.0 with the following vector: AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating high severity across confidentiality, integrity, and availability impacts (ZDI Advisory).

The successful exploitation of this vulnerability allows attackers to bypass authentication on the affected system. This could potentially give unauthorized access to the PRTG Network Monitor, compromising the security of the network monitoring infrastructure (ZDI Advisory).

The vendor addressed this vulnerability in PRTG version 25.1.102.1373, released on January 9, 2024. Prior to the patch, the only recommended mitigation strategy was to restrict interaction with the application (ZDI Advisory).