CISA warns of actively exploited old vulnerabilities in Paessler PRTG servers
Take action: If you are using PRTG for network monitoring and you haven't patched it for 8 years, shame on you! Time to update it ASAP, because hackers don't care how old a vulnerability is. There is no expiry date on exploitation of a flaw.
CISA is warning of two actively exploited old vulnerabilities from 2018 in Paessler's PRTG Network Monitor. These vulnerabilities were added to CISA's Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation in the wild.
- CVE-2018-19410 (CVSS score 9.8) affects versions prior to 18.2.40.1683 and allows unauthenticated attackers to create users with read, write, and administrator privileges. The exploitation involves sending a specially crafted HTTP request that overwrites the include directive in /public/login.htm, enabling a Local File Inclusion attack through /api/addusers. By specifying certain parameters, attackers can create administrator accounts without any authentication. The Shadowserver Foundation's scan on February 15, 2025, found 2,149 servers worldwide still vulnerable to this exploit.
- CVE-2018-9276 (CVSS score 7.2) enables OS command injection and requires administrator privileges in the PRTG System Administrator web console. This vulnerability allows attackers to send manipulated parameters within the sensor or notification management features, potentially leading to full control over the server and the devices it monitors.
Federal government agencies are required to remediate these vulnerabilities within specified timeframes, but CISA strongly urges all organizations to minimize their exposure to cyber attacks by promptly addressing vulnerabilities listed in the catalog.
Organizations are advised to immediately patch affected systems and update to the latest version of PRTG Network Monitor to prevent potential exploitation.