Cybercriminals are not only actively exploiting new vulnerabilities. Hackers are still finding two vulnerabilities from 2018 in Paessler’s PRTG Network Monitor.
On Feb. 4, 2025, CISA added new vulnerabilities to the Known Exploited Vulnerabilities Catalog, or KEV list, based on evidence of active exploitation. Two of them affect Paessler PRTG Network Monitor.
The first is CVE-2018-9276, an OS command injection vulnerability. It allows an attacker with administrator privileges in the PRTG System Administrator web console to send manipulated parameters within sensor or notification management. Attackers can thereby potentially gain control over the server and connected devices.
The other vulnerability, CVE-2018-19410, poses an even greater threat to PRTG Network Monitor users. Versions prior to 18.2.40.1683 allow unauthenticated attackers to create users with read, write and administrator privileges.
This is done by sending a specific manipulated HTTP request that overwrites the include directive in `/public/login.htm`. This allows a Local File Inclusion attack to be performed by including and executing `/api/addusers`. By specifying the ‘id’ and ‘users’ parameters, an attacker can create a full-fledged user with administrator privileges without authentication. This vulnerability has a severity score of 9.8.
The Shadowserver Foundation, an organization that scans and reports vulnerable IP addresses daily, found this vulnerability on Feb. 15, 2025, on 2149 servers worldwide.
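Defenders can look for the CVE-2018-19410 request pattern described above in web server access logs and compare the installed version against 18.2.40.1683. The following Python is an added example, not code from Paessler or CISA; the log line layout, the sample lines, the placeholder parameter name and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

FIXED = (18, 2, 40, 1683)  # versions prior to this are affected, per the article
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (combined-log style is an assumption; adapt to your logs).
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Feb/2025:10:01:02 +0000] "GET /public/login.htm HTTP/1.1" 200 5120',
    # "param" is a placeholder name; the check below does not depend on it.
    '203.0.113.9 - - [15/Feb/2025:10:03:44 +0000] "GET /public/login.htm?param=%2Fapi%2Faddusers&id=1&users=x HTTP/1.1" 200 312',
    '203.0.113.9 - - [15/Feb/2025:10:03:50 +0000] "GET /PUBLIC/login.htm?param=%252Fapi%252Faddusers HTTP/1.1" 200 312',
    '198.51.100.4 - admin [15/Feb/2025:10:05:10 +0000] "GET /api/addusers?id=1&users=x HTTP/1.1" 200 88',
]


def is_affected(version: str) -> bool:
    """True if a dotted four-part version is older than the fixed build."""
    return tuple(int(p) for p in version.strip().split(".")) < FIXED


def fully_unquote(value: str, rounds: int = 3) -> str:
    """Undo nested percent-encoding so double-encoded values still match."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_suspicious(line: str) -> bool:
    """Flag a login-page request whose parameters reference /api/addusers."""
    match = REQUEST_RE.search(line)
    if not match:
        return False
    url = urlsplit(match.group("target"))
    if fully_unquote(url.path).lower() != "/public/login.htm":
        return False
    params = parse_qsl(url.query, keep_blank_values=True)
    return any("/api/addusers" in fully_unquote(v).lower() for _, v in params)


def flagged(lines):
    """Return the log lines that match the pattern described in the article."""
    return [line for line in lines if is_suspicious(line)]


if __name__ == "__main__":
    for hit in flagged(SAMPLE_LOG):
        print("SUSPICIOUS:", hit)
```

Access logs normally omit request bodies, so parameters sent in a body would not appear here and a clean result does not rule out compromise. Reviewing the PRTG user list for unexpected administrator accounts complements the log check.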
CISA urges patching
Attackers often use such vulnerabilities as attack vectors, and they pose significant risks to networks and organizations. To counter this threat, CISA established the Binding Operational Directive (BOD). This initiative establishes the KEV Catalog as a dynamic list of known vulnerabilities that pose a significant risk. Federal government agencies must remediate the vulnerabilities in this catalog within specified timeframes to protect their networks from active threats.
Although the BOD applies specifically to federal agencies, CISA urges all organizations to minimize their exposure to cyber attacks by fixing vulnerabilities from the catalog in a timely manner.
CISA continues to expand the list of vulnerabilities that meet the established criteria in order to strengthen organizations’ digital security and prevent further misuse by malicious actors.