CVE-2022-35739
CVE-2022-35739 is a medium-severity vulnerability rated 5.3/10 on the CVSS 3.1 scale. PRTG Network Monitor through 22.2.77.2204 does not restrict the value of a device's icon field, so an attacker who can set it can inject arbitrary content into the style tag generated for that device. When the device page loads, the injected Cascading Style Sheets (CSS) is emitted inside the style tag and applied by the browser. EPSS estimates a 0.73% chance of exploitation in the next 30 days.
Description
PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device's icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data is inserted into the style tag, loading malicious content. Because PRTG Network Monitor rejects the double-quote (") character, and because modern browsers do not execute JavaScript inside style tags, this vulnerability could not be escalated into a Cross-Site Scripting vulnerability. The impact is therefore limited to attacker-controlled styling of the device page (for example hiding or overlaying elements, or CSS-based exfiltration of attribute values), which is why the CVSS vector records only a low confidentiality impact.
Metrics
CVSS 3.1 base score 5.3 (Medium)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (network-reachable, low attack complexity, no privileges or user interaction required, scope unchanged, low confidentiality impact, no integrity or availability impact)
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Paessler | PRTG Network Monitor | < 22.3.79.2108 (fixed in 22.3.79.2108) |
References
- https://raxis.com/blog/cve-2022-35739 (Exploit, Third Party Advisory)
- https://www.paessler.com/prtg/history/stable (Release Notes, Vendor Advisory)
Frequently Asked Questions
What is CVE-2022-35739?
A CSS injection in PRTG Network Monitor through 22.2.77.2204: the device icon field accepts arbitrary input, which is inserted unescaped into the style tag on that device's page. It could not be escalated to Cross-Site Scripting because double quotes are rejected and browsers do not run JavaScript inside style tags.
How severe is CVE-2022-35739?
Medium: CVSS 3.1 base score 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N), low confidentiality impact only. EPSS estimates a 0.73% chance of exploitation in the next 30 days.
How do I fix CVE-2022-35739?
Upgrade PRTG Network Monitor to 22.3.79.2108 or later; see the vendor release notes linked above.
Source: NVD / NIST
