
CVE-2022-35739: n/a in n/a

Severity: Medium
Published: Tue Oct 25 2022 (10/25/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device's icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data is inserted into the style tag, loading malicious content. Due to PRTG Network Monitor preventing " characters, and from modern browsers disabling JavaScript support in style tags, this vulnerability could not be escalated into a Cross-Site Scripting vulnerability.

AI-Powered Analysis

Last updated: 07/05/2025, 08:40:51 UTC

Technical Analysis

CVE-2022-35739 is a medium-severity vulnerability affecting PRTG Network Monitor versions up to 22.2.77.2204. The issue arises because the software does not properly sanitize custom input for a device's icon, allowing an attacker to insert arbitrary Cascading Style Sheets (CSS) content into the style tag associated with that device. When the device page is loaded, this malicious CSS is injected into the page's style tag. However, due to PRTG Network Monitor's filtering of certain characters and modern browsers' security measures that disable JavaScript execution within style tags, this vulnerability cannot be escalated into a Cross-Site Scripting (XSS) attack. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation), indicating a cross-site scripting-related weakness, but the impact is limited to confidentiality as no code execution or integrity/availability impact is reported. The CVSS v3.1 base score is 5.3 (medium), with the vector indicating network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, and limited confidentiality impact. No known exploits are reported in the wild, and no patches or vendor advisories are linked in the provided data. This vulnerability could potentially allow an attacker to manipulate the visual presentation of the device page, possibly misleading users or exfiltrating information via CSS-based side channels, but it does not allow direct code execution or session hijacking.

Potential Impact

For European organizations using PRTG Network Monitor, this vulnerability poses a moderate risk primarily to confidentiality. An attacker with network access to the monitoring interface could inject malicious CSS that alters the appearance of device pages, potentially misleading administrators or causing confusion. Although the vulnerability does not allow JavaScript execution or direct code injection, CSS-based attacks can sometimes be leveraged for information disclosure or UI redressing attacks. Given that PRTG is widely used for network monitoring in critical infrastructure and enterprise environments, any manipulation of monitoring data presentation could impact operational awareness. However, the lack of code execution and the requirement for network access to the monitoring interface limit the potential impact. Organizations with exposed or poorly segmented monitoring interfaces are at higher risk. The vulnerability does not affect system integrity or availability, so operational disruption is unlikely. Overall, the threat is moderate but should be addressed to maintain trust in monitoring data and prevent potential indirect attacks.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should first ensure that their PRTG Network Monitor installations are not exposed to untrusted networks or the public internet. Network segmentation and firewall rules should restrict access to the monitoring interface to authorized personnel only. Administrators should monitor for unusual or unauthorized changes to device icons or configurations that could indicate exploitation attempts. Although no official patch is referenced, organizations should check with Paessler (the vendor of PRTG) for any updates or patches addressing this issue and apply them promptly. Additionally, implementing Content Security Policy (CSP) headers that restrict style sources and disallow inline styles could reduce the impact of injected CSS. Regular security audits and input validation reviews on custom inputs in PRTG configurations can help detect and prevent similar issues. Finally, educating administrators about this vulnerability and encouraging vigilance when reviewing device page appearances can help detect potential misuse.
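As an added example (not PRTG's code or the page's own), a Python sketch of the two defensive measures above, assuming a hypothetical icon value format and a hypothetical per-device style rule: an allowlist check on the icon value before it is written into the style tag, and a CSP header value with no 'unsafe-inline' and same-origin style, image and font sources only.

```python
import re

# Allowlist for device icon values: a bare file name with a known image
# extension. Braces, quotes, semicolons, slashes and url() are all rejected
# before the value can reach the page's <style> tag. The pattern is an
# assumption; the real PRTG icon naming scheme is not documented here.
ICON_RE = re.compile(r"[A-Za-z0-9_-]{1,64}\.(?:png|svg|gif)")

def validate_icon(value: str) -> bool:
    """Return True only if value is an allowlisted icon file name."""
    return ICON_RE.fullmatch(value) is not None

def render_device_style(device_id: str, icon: str) -> str:
    """Build a hypothetical per-device style rule, refusing any icon value
    that fails the allowlist (the check the affected versions lacked)."""
    if not re.fullmatch(r"[0-9]{1,10}", device_id):
        raise ValueError("device id must be numeric")
    if not validate_icon(icon):
        raise ValueError("device icon failed allowlist validation")
    return (f'<style>#device-{device_id} .icon '
            f'{{ background-image: url("/icons/{icon}"); }}</style>')

def csp_header() -> str:
    """Content-Security-Policy value with no 'unsafe-inline' and same-origin
    style, image and font sources only. It limits what injected CSS can load
    from elsewhere (the side channel noted above) but cannot strip CSS that is
    already inside the page's own <style> tag, so the allowlist is the fix."""
    return ("default-src 'self'; style-src 'self'; img-src 'self'; "
            "font-src 'self'; object-src 'none'; base-uri 'self'")

# Constructed sample inputs with the expected validation result.
SAMPLES = {
    "router.png": True,
    "server_01.svg": True,
    "a.png} body{display:none}": False,   # closes the rule early
    'a.png"); color: red': False,         # breaks out of url("...")
    "../shared/icon.png": False,          # path characters
    "icon.png;": False,
    "": False,
}

def check_samples() -> dict:
    """Run every sample through the allowlist; each should match SAMPLES."""
    return {v: validate_icon(v) for v in SAMPLES}

if __name__ == "__main__":
    print(check_samples() == SAMPLES)
    print(render_device_style("1001", "router.png"))
    print("Content-Security-Policy:", csp_header())
```

The CSP value is only a complement: because the injected CSS lands inside the page's own style tag, a policy cannot remove it, but restricting style, image and font sources keeps it from pulling resources from attacker-controlled hosts.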


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2022-07-13T00:00:00.000Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d9819c4522896dcbd8b54

Added to database: 5/21/2025, 9:08:41 AM

Last enriched: 7/5/2025, 8:40:51 AM

Last updated: 7/26/2025, 1:59:57 AM
