QID 375613
Date Published: 2021-06-21
QID 375613: SolarWinds Orion Platform Privilege Escalation Vulnerability
SolarWinds Orion is an IT performance monitoring platform.
This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Orion Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SaveUserSetting endpoint. The issue results from improper restriction of this endpoint to unprivileged users.
Affected Versions:
SolarWinds Orion products from version 2020.2 prior to Orion Platform 2020.2.4
QID Detection Logic (Authenticated):
The QID extracts the SolarWinds Orion installation path from registry key "HKLM\SOFTWARE\SolarWinds\Orion\Core", value "InstallPath", then compares the file version of "SolarWinds.Orion.Core.BusinessLayer.dll" with the patched versions.
When the registry keys are not accessible, the path extraction is skipped and the file versions of "%ProgramFiles%\SolarWinds\Orion\SolarWinds.Orion.Core.BusinessLayer.dll" and "%ProgramFiles(x86)%\SolarWinds\Orion\SolarWinds.Orion.Core.BusinessLayer.dll" are checked directly.
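The detection logic above, written out as an added PowerShell example for checking a single host locally (this is not Qualys or SolarWinds code). `$PatchedVersion` is a placeholder parameter: the page does not state the fixed DLL file version, so supply it from a known-patched Orion Platform 2020.2.4 installation or from vendor documentation.

```powershell
# Added example: local check that mirrors the QID detection logic described above.
# $PatchedVersion is a PLACEHOLDER supplied by the operator; the page does not list it.
# Only the upper bound is compared, as in the page's logic; the 2020.2 lower bound
# of the affected range is not evaluated here.
param(
    [Parameter(Mandatory = $true)][version]$PatchedVersion
)

$dllName    = 'SolarWinds.Orion.Core.BusinessLayer.dll'
$regKey     = 'HKLM:\SOFTWARE\SolarWinds\Orion\Core'
$candidates = @()

# Step 1: read InstallPath from the registry key named on the page.
$installPath = $null
try {
    $installPath = (Get-ItemProperty -Path $regKey -Name 'InstallPath' -ErrorAction Stop).InstallPath
} catch {
    Write-Verbose "Registry key or value not accessible: $($_.Exception.Message)"
}

if ($installPath) {
    $candidates += [System.IO.Path]::Combine($installPath, $dllName)
} else {
    # Step 2: registry unavailable, fall back to the two default locations.
    foreach ($root in @($env:ProgramFiles, ${env:ProgramFiles(x86)})) {
        if ($root) { $candidates += [System.IO.Path]::Combine($root, 'SolarWinds\Orion', $dllName) }
    }
}

$found = $candidates | Select-Object -Unique |
    Where-Object { Test-Path -LiteralPath $_ -PathType Leaf }
if (-not $found) {
    Write-Output 'BusinessLayer DLL not found; Orion not detected on this host.'
    return
}

foreach ($path in $found) {
    $vi = (Get-Item -LiteralPath $path).VersionInfo
    # Use the numeric parts; the FileVersion string can carry non-numeric suffixes.
    $fileVersion = New-Object -TypeName System.Version -ArgumentList `
        $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
    $status = if ($fileVersion -lt $PatchedVersion) { 'Below patched version' } else { 'At or above patched version' }
    New-Object -TypeName psobject -Property @{
        Path = $path; FileVersion = $fileVersion; Status = $status
    }
}
```

Save the block as a script and run it from an elevated session with `-PatchedVersion` set to the four-part file version of the patched DLL.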
Successful exploitation of this vulnerability can lead to Improper Access Control Privilege Escalation. An attacker can leverage this vulnerability to escalate their privileges from Guest to Administrator.
Customers are advised to refer to the Orion Platform 2020.2.4 Release Notes:
- SolarWinds Orion Platform Security Updates 2020.2.4: documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-4_release_notes.htm
CVEs related to QID 375613
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| SolarWinds Orion Platform Security Updates 2020.2.4 | | | |