HTTP: SolarWinds Network Performance Monitor Insecure Deserialization

This signature detects attempts to exploit a known vulnerability in SolarWinds Network Performance Monitor. Successful exploitation can result in arbitrary code execution in the security context of the system.

Extended Description

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Serialization library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12213.

Affected Products

Solarwinds network_performance_monitor

Short Name
HTTP:CTS:SOLRWIND-NW-PM-DES
Severity
Critical
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2021-31474 CVE-2022-36958 Deserialization Insecure Monitor Network Performance SolarWinds
Release Date
07/01/2021
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3693
False Positive
Unknown
Vendors

Solarwinds

CVSS Score

10.0
