APP: SolarWinds Network Performance Monitor BytesToMessage Insecure Deserialization
This signature detects attempts to exploit a known vulnerability against SolarWinds Network Performance Monitor BytesToMessage. A successful attack can lead to arbitrary code execution.
Extended Description
The SolarWinds Platform was susceptible to deserialization of untrusted data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands.
Affected Products
Solarwinds orion_platform
References
CVE: CVE-2022-47503
URL:
http://www.zerodayinitiative.com/advisories/ZDI-22-1460/
http://www.zerodayinitiative.com/advisories/ZDI-23-167/
http://www.zerodayinitiative.com/advisories/ZDI-23-170/
http://www.zerodayinitiative.com/advisories/ZDI-23-166/
http://www.zerodayinitiative.com/advisories/ZDI-23-213/
http://www.zerodayinitiative.com/advisories/ZDI-22-1461/
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
Solarwinds