[VS-2019-001] SolarWinds Orion NPM Remote Code Execution

CVE ID

CVE-2019-8917

CVSS Score

Pending

Vendor

SolarWinds

Product

SolarWinds Orion NPM 12.3.5200.0

Vulnerability Details

SolarWinds Orion NPM suffers from a SYSTEM remote code execution vulnerability in the "OrionModuleEngine" service. This service establishes an NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The "InvokeActionMethod" method may be abused by an attacker to execute commands as the SYSTEM user.

Vendor Response

Thanks to SolarWinds' prompt response, a fix is available in the 12.4 release.

Disclosure Timeline

10-01-2018 - Disclosed to Vendor
10-02-2018 - Response from Vendor
10-08-2018 - Coordination of Patch and Disclosure with Vendor
12-04-2018 - Verified patch in 12.4 release

Credit

Fabius Watson of VerSprite Security

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

VS-2019-001.md

VS-2019-001.md

[VS-2019-001] SolarWinds Orion NPM Remote Code Execution

CVE ID

CVSS Score

Vendor

Product

Vulnerability Details

Vendor Response

Disclosure Timeline

Credit

Files

VS-2019-001.md

Latest commit

History

VS-2019-001.md

File metadata and controls

[VS-2019-001] SolarWinds Orion NPM Remote Code Execution

CVE ID

CVSS Score

Vendor

Product

Vulnerability Details

Vendor Response

Disclosure Timeline

Credit