PRTG Network Monitor is a widely used tool for monitoring network performance and security. However, a vulnerability has recently been discovered in the software that allows threat actors to inject arbitrary content, potentially compromising the security of your organization's network.
This post goes into detail about this vulnerability, identified as CVE-2022-35739. We provide details on the exploit, a code snippet, and links to the original references.
Exploit Details
PRTG Network Monitor versions up to and including 22.2.77.2204 are affected by this vulnerability. The root cause is that the software does not validate the custom input for a device's icon. The icon value can therefore be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data is inserted into the style tag and malicious content can be loaded.
While modern browsers disable JavaScript support in style tags, preventing the escalation into a Cross-Site Scripting (XSS) vulnerability, the issue still poses a risk to network security.
An attacker can exploit this vulnerability by modifying the device icon custom input as shown below:
<style>
body {background-color: red !important;}
</style>
This snippet changes the background color of the device page to red when it loads, confirming that the injected CSS has been applied. It can be replaced with other CSS to produce unintended behavior, potentially degrading the user experience or tricking users into performing certain actions.
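To make the defect class concrete from the defender's side, here is an added example (not PRTG's code; the template, icon allowlist and function names are assumptions) that renders the icon into a style tag the unsafe way, beside a hardened renderer that only accepts a plain icon file name, plus a simple self-check a server could run on its own rendered fragment:

```python
import html
import re

# Constructed payload: the same one shown above in this post.
INJECTED_ICON = "<style>\nbody {background-color: red !important;}\n</style>"

# Assumed allowlist for a device icon file name (not PRTG's actual rule).
SAFE_ICON = re.compile(r"^[A-Za-z0-9_-]{1,64}\.(png|svg)$")


def is_safe_icon(icon: str) -> bool:
    """True only for a bare icon file name such as router.png."""
    return SAFE_ICON.fullmatch(icon) is not None


def render_vulnerable(icon: str) -> str:
    """Interpolates the icon value verbatim into the page's style tag,
    the pattern the advisory describes: any string is accepted as-is."""
    return (
        "<style>\n"
        f".device-icon {{ background-image: url('/icons/{icon}'); }}\n"
        "</style>\n"
    )


def render_hardened(icon: str) -> str:
    """Rejects anything that is not a plain icon file name, then escapes the
    value as a second layer so it cannot close the style tag or inject rules."""
    if not is_safe_icon(icon):
        raise ValueError("icon must be a plain file name such as router.png")
    safe = html.escape(icon, quote=True)
    return (
        "<style>\n"
        f".device-icon {{ background-image: url('/icons/{safe}'); }}\n"
        "</style>\n"
    )


def style_tag_tampered(markup: str) -> bool:
    """Self-check for a rendered fragment: it should contain exactly one
    opening and one closing style tag; anything else means injected markup."""
    lowered = markup.lower()
    return lowered.count("<style") != 1 or lowered.count("</style>") != 1
```

Running `render_vulnerable(INJECTED_ICON)` yields a fragment with two style tags and the attacker's `body` rule, while `render_hardened` refuses the same value before it ever reaches the markup.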
Original References & Mitigation
The vulnerability was reported by David Ninan in a GitHub Gist (CVE-2022-35739), which goes into more detail regarding the exploit. The software's vendor, Paessler, has acknowledged the vulnerability and released a security advisory that confirms the issue and recommends the following mitigations:
1. Update to PRTG Network Monitor version 22.2.77.2204 or higher.
2. If updating is not possible, restrict access to the device page by limiting the permissions of users who can modify the device icons.
Conclusion
CVE-2022-35739 is a vulnerability in the PRTG Network Monitor that allows attackers to inject arbitrary content via device icons, potentially compromising network security. Organizations that use PRTG Network Monitor should update their software or restrict access to the affected device pages as soon as possible.
It is crucial to always stay informed about the latest vulnerabilities and apply patches and updates as needed to maintain a secure network environment.
Timeline
Published on: 10/25/2022 17:15:00 UTC
Last modified on: 10/28/2022 19:51:00 UTC