HTTP: SolarWinds Network Configuration Manager VulnerabilitySettings Arbitrary File Write
This signature detects attempts to exploit a known vulnerability against SolarWinds Network Configuration Manager. A successful attack can lead to arbitrary code execution.
Extended Description
This vulnerability allows remote attackers to create arbitrary files on affected installations of SolarWinds Orion Platform 2020.2.1. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within VulnerabilitySettings.aspx. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-11902.
Affected Products
Solarwinds orion_platform
Short Name
HTTP:CTS:SOLARWINDS-NCM-VST-AFW
Severity
Critical
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Arbitrary CVE-2020-27871 Configuration File Manager Network SolarWinds VulnerabilitySettings Write
Release Date
05/18/2021
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3383
False Positive
Unknown
Vendors
Solarwinds
CVSS Score
9.0