The following information affects you only if you are running PRTG Network Monitor V15.2.16.2229/2230 (released on April 28th, 2015) through V16.1.21.1257/1258 (released on January 18th, 2016).
While testing new PRTG features, our Quality Assurance team discovered a possible vulnerability. Our Product Development team immediately started to work on a solution, which was found and implemented within one day. On Monday, January 25th, we made an update available for PRTG which fixes the vulnerability.
We then informed our customers and partners about the security update directly via an update notice in PRTG, via email, and also via this blog article.
The only solution is to update to the latest PRTG version as soon as possible! We strongly recommend this to all PRTG users.
Under certain circumstances, a so-called "path traversal attack" was possible. Although this was very unlikely to be exploited, attackers could use it to gain access to files on the host on which PRTG is installed.
We do not know of any case where this vulnerability has actually been exploited. We will not publish the technical details, so that we do not put customers who have not yet updated at risk.
We are sorry about this incident and have worked hard to provide a fix as soon as possible. We will assist all customers while updating to PRTG V16.1.21.1421/1422 (or later). If you have a trusted Paessler Partner, please contact them. They will also be able to assist you.
Sincerely,
Dirk Paessler, CEO