CVE-2022-35739: n/a in n/a
PRTG Network Monitor through 22.2.77.2204 does not prevent custom input for a device's icon, which can be modified to insert arbitrary content into the style tag for that device. When the device page loads, the arbitrary Cascading Style Sheets (CSS) data is inserted into the style tag, loading malicious content. Because PRTG Network Monitor blocks "<" characters, and modern browsers disable JavaScript support in style tags, this vulnerability could not be escalated into a Cross-Site Scripting vulnerability.
AI Analysis
Technical Summary
CVE-2022-35739 is a medium-severity vulnerability affecting PRTG Network Monitor versions up to 22.2.77.2204. The issue arises because the software does not properly sanitize custom input for a device's icon, allowing an attacker to insert arbitrary Cascading Style Sheets (CSS) content into the style tag associated with that device. When the device page is loaded, this malicious CSS is injected into the page's style tag. However, due to PRTG Network Monitor's filtering of certain characters and modern browsers' security measures that disable JavaScript execution within style tags, this vulnerability cannot be escalated into a Cross-Site Scripting (XSS) attack. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation), indicating a cross-site scripting-related weakness, but the impact is limited to confidentiality as no code execution or integrity/availability impact is reported. The CVSS v3.1 base score is 5.3 (medium), with the vector indicating network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, and limited confidentiality impact. No known exploits are reported in the wild, and no patches or vendor advisories are linked in the provided data. This vulnerability could potentially allow an attacker to manipulate the visual presentation of the device page, possibly misleading users or exfiltrating information via CSS-based side channels, but it does not allow direct code execution or session hijacking.
Potential Impact
For European organizations using PRTG Network Monitor, this vulnerability poses a moderate risk primarily to confidentiality. An attacker with network access to the monitoring interface could inject malicious CSS that alters the appearance of device pages, potentially misleading administrators or causing confusion. Although the vulnerability does not allow JavaScript execution or direct code injection, CSS-based attacks can sometimes be leveraged for information disclosure or UI redressing attacks. Given that PRTG is widely used for network monitoring in critical infrastructure and enterprise environments, any manipulation of monitoring data presentation could impact operational awareness. However, the lack of code execution and the requirement for network access to the monitoring interface limit the potential impact. Organizations with exposed or poorly segmented monitoring interfaces are at higher risk. The vulnerability does not affect system integrity or availability, so operational disruption is unlikely. Overall, the threat is moderate but should be addressed to maintain trust in monitoring data and prevent potential indirect attacks.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should first ensure that their PRTG Network Monitor installations are not exposed to untrusted networks or the public internet. Network segmentation and firewall rules should restrict access to the monitoring interface to authorized personnel only. Administrators should monitor for unusual or unauthorized changes to device icons or configurations that could indicate exploitation attempts. Although no official patch is referenced, organizations should check with Paessler (the vendor of PRTG) for any updates or patches addressing this issue and apply them promptly. Additionally, implementing Content Security Policy (CSP) headers that restrict style sources and disallow inline styles could reduce the impact of injected CSS. Regular security audits and input validation reviews on custom inputs in PRTG configurations can help detect and prevent similar issues. Finally, educating administrators about this vulnerability and encouraging vigilance when reviewing device page appearances can help detect potential misuse.
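The two checks a defender would actually want from the recommendations above are (1) an allow-list validator for the icon field, since the root cause is CSS grammar being accepted where a file name is expected, and (2) a way to see what a Content-Security-Policy header really does about inline styles. The following Python is an added example written for this page, not PRTG's or Paessler's code; the record layout, the `icon` field name, the allow-list pattern and the sample export are all assumptions.

```python
"""Defensive checks for CSS injected through an icon field (constructed example)."""
import re

# Assumption: legitimate icon values are plain file names such as "device_switch.png".
ICON_NAME_RE = re.compile(r"^[A-Za-z0-9_\-]+\.(png|svg|gif)$")

# Tokens that only make sense if the value is about to be interpreted as CSS.
CSS_MARKERS = ("{", "}", ";", ":", "url(", "@import", "expression(", "\\")


def is_valid_icon(value: str) -> bool:
    """Allow-list validation: reject anything that is not a known-shaped icon name
    instead of trying to strip individual dangerous characters."""
    return bool(ICON_NAME_RE.fullmatch(value))


def suspicious_markers(value: str) -> list[str]:
    """List the CSS-significant tokens present in a value, for triage output."""
    return [m for m in CSS_MARKERS if m in value]


def audit_devices(devices: list[dict]) -> list[dict]:
    """Return one finding per device whose icon field fails the allow-list."""
    findings = []
    for dev in devices:
        icon = dev.get("icon", "")
        if not is_valid_icon(icon):
            findings.append({"id": dev["id"], "icon": icon,
                             "markers": suspicious_markers(icon)})
    return findings


def csp_style_policy(header: str) -> dict:
    """Parse a Content-Security-Policy header and report how it treats styles.

    Returns the effective style-src list (falling back to default-src) and
    whether inline styles remain permitted. Per CSP Level 2/3, 'unsafe-inline'
    is ignored once a nonce or hash source is present in the same directive.
    """
    directives = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    sources = directives.get("style-src", directives.get("default-src", []))
    nonce_or_hash = any(
        s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in sources
    )
    inline_allowed = "'unsafe-inline'" in sources and not nonce_or_hash
    return {"sources": sources, "inline_allowed": inline_allowed,
            "uses_nonce_or_hash": nonce_or_hash}


# Constructed sample export. Device 1003 carries CSS grammar in a field that
# should hold only a file name; the value is a harmless illustration of the class.
SAMPLE_DEVICES = [
    {"id": 1001, "name": "core-sw-01", "icon": "device_switch.png"},
    {"id": 1002, "name": "edge-fw-01", "icon": "device_firewall.png"},
    {"id": 1003, "name": "printer-2f", "icon": "x.png} body{color:red} .a{"},
]

if __name__ == "__main__":
    for f in audit_devices(SAMPLE_DEVICES):
        print(f"device {f['id']}: unexpected icon {f['icon']!r} markers={f['markers']}")
    print(csp_style_policy("default-src 'self'; style-src 'self' 'unsafe-inline'"))
```

Two points follow from running this. The allow-list is the real fix: once the field can only hold a file name, there is nothing for the style tag to interpret. The CSP check is a caveat rather than a fix: a `style-src` without `'unsafe-inline'` blocks every inline style element, including the application's own, and if the application answers that by putting a nonce on its style tag, the injected text inside that same tag is trusted along with it. CSP therefore limits collateral effects (for example, which `url()` sources a stylesheet may fetch) but does not neutralise content injected into a trusted style element.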
Affected Countries
Germany, United Kingdom, France, Netherlands, Sweden, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2022-07-13T00:00:00.000Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d9819c4522896dcbd8b54
Added to database: 5/21/2025, 9:08:41 AM
Last enriched: 7/5/2025, 8:40:51 AM
Last updated: 8/12/2025, 12:16:33 AM
Views: 9
Related Threats
- CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR (Critical)
- CVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server (High)
- CVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt (High)
- CVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server (Medium)