HTTP: SolarWinds Orion GetAccountGroups Multiple SQL Injections

This signature detects specific characters in requests sent to the SolarWinds application. Because these characters are not normally used in such requests, their presence can indicate a SQL injection attack against SolarWinds.

Extended Description

Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, and possibly other Solarwinds products, allow remote authenticated users to execute arbitrary SQL commands via the (1) dir or (2) sort parameter to the (a) GetAccounts or (b) GetAccountGroups endpoint.

Affected Products

Solarwinds orion_network_performance_monitor

References

CVE: CVE-2014-9566

Short Name
HTTP:SQL:INJ:SOLARWINDS
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2014-9566 GetAccountGroups Injections Multiple Orion SQL SolarWinds
Release Date
04/27/2015
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3761
False Positive
Unknown
Vendors

Solarwinds

CVSS Score

7.5
