QID 375788
Date Published: 2021-08-19
QID 375788: SolarWinds Orion Platform Multiple Vulnerabilities
SolarWinds Orion is an IT performance monitoring platform.
SolarWinds Orion is affected by the following vulnerabilities:
- CVE-2021-28674: An authenticated Orion Platform user with node management rights can delete nodes for another group.
- CVE-2021-35212: A low-privilege user can elevate privileges to Administrator using a SQL injection vulnerability.
- CVE-2021-35213: An Improper Access Control Privilege Escalation Vulnerability was discovered in the User Setting of Orion Platform version 2020.2.5. It allows a guest user to elevate privileges to Administrator.
- CVE-2021-35215: Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5.
QID Detection Logic (Authenticated):
The QID extracts the SolarWinds Orion installation path from registry key "HKLM\SOFTWARE\SolarWinds\Orion\Core", value "InstallPath", then compares the file version of "SolarWinds.Orion.Core.BusinessLayer.dll" with the patched versions.
When the registry keys are not accessible, the path extraction is skipped and the file versions of "%ProgramFiles%\SolarWinds\Orion\SolarWinds.Orion.Core.BusinessLayer.dll" and "%ProgramFiles(x86)%\SolarWinds\Orion\SolarWinds.Orion.Core.BusinessLayer.dll" are checked directly.
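The same two-step check can be run by hand on a host. The script below is an added example, not the scanner's own code; the patched file version is not given on this page, so `$PatchedVersion` is a placeholder parameter that must be supplied from the vendor's release notes.

```powershell
# Added example: local check that follows the detection steps described above.
# $PatchedVersion is a placeholder; this page does not state the fixed DLL version.
param(
    [Parameter(Mandatory)]
    [version]$PatchedVersion
)

$dllName    = 'SolarWinds.Orion.Core.BusinessLayer.dll'
$regKey     = 'HKLM:\SOFTWARE\SolarWinds\Orion\Core'
$candidates = @()

# Step 1: read InstallPath from the registry key named in the detection logic.
try {
    $installPath = (Get-ItemProperty -Path $regKey -Name InstallPath -ErrorAction Stop).InstallPath
    if ($installPath) { $candidates += Join-Path $installPath $dllName }
}
catch {
    # Step 2: registry not readable, so fall back to both default locations.
    foreach ($root in @($env:ProgramFiles, ${env:ProgramFiles(x86)})) {
        if ($root) { $candidates += Join-Path $root "SolarWinds\Orion\$dllName" }
    }
}

# Compare the numeric file version of each DLL found against the patched version.
$results = foreach ($path in ($candidates | Select-Object -Unique)) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }
    $vi = (Get-Item -LiteralPath $path).VersionInfo
    # Build the version from the numeric parts; the FileVersion string can carry extra text.
    $fileVersion = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                  $vi.FileBuildPart, $vi.FilePrivatePart)
    [pscustomobject]@{
        Path        = $path
        FileVersion = $fileVersion
        Vulnerable  = ($fileVersion -lt $PatchedVersion)
    }
}

if ($results) {
    $results
}
else {
    Write-Output "$dllName not found; Orion does not appear to be installed in the checked locations."
}
```

Pass the patched version as a four-part value (major.minor.build.revision) so the comparison against the DLL's four-part file version is exact.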
An attacker could exploit these vulnerabilities to compromise confidentiality, integrity and availability.
Customers are advised to refer to the Orion Platform 2020.2.6 Release Notes.
- SolarWinds Orion Platform Security Updates 2020.2.6: documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm
CVEs related to QID 375788
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| Orion Platform 2020.2.6 | | | |