QID 379209
Date Published: 2024-01-04
QID 379209: SolarWinds Platform Multiple Vulnerabilities
SolarWinds Platform is an IT performance monitoring platform.
CVE-2023-33225, CVE-2023-3622: The SolarWinds Platform was found to be susceptible to an Incorrect Comparison vulnerability. This vulnerability allows users with administrative access to the SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.
CVE-2023-33224, CVE-2023-33229: The SolarWinds Platform was found to be susceptible to an Incorrect Input Neutralization vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML.
CVE-2023-3622, CVE-2023-23843: An Access Control Bypass vulnerability exists in the SolarWinds Platform that, if exploited, could allow an underprivileged user to read an arbitrary resource.
CVE-2023-33229: The SolarWinds Platform was found to be susceptible to an Incorrect Input Neutralization vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML.
Affected Products:
SolarWinds Platform version 2023.2.1 and prior versions
QID Detection Logic (Authenticated):
1. The QID extracts the SolarWinds Platform install path from registry key "HKLM\SOFTWARE\SolarWinds\Orion\Core" or "HKLM\SOFTWARE\Wow6432Node\SolarWinds\Orion\Core", value "InstallPath", then compares the file version of "SolarWinds.Orion.Core.Common.dll" with the patched versions.
2. The QID extracts the SolarWinds Platform install path from registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" or "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall", value "InstallLocation", then compares the file version of "SolarWinds.Orion.Core.Common.dll" with the patched versions.
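The two lookups above can be reproduced on a host when triaging this QID. The PowerShell script below is an added example, not Qualys or SolarWinds code. It assumes SolarWinds entries under the Uninstall key are recognisable by DisplayName and that the DLL sits somewhere under the install directory, and it takes the patched file version as a parameter because this page does not state it.

```powershell
# Added example: local check mirroring the two registry lookups described above.
# The patched DLL file version is NOT given on this page; pass it in from the
# vendor release notes, e.g. -PatchedVersion <version from release notes>.
param(
    [Parameter(Mandatory)] [version] $PatchedVersion
)

$DllName = 'SolarWinds.Orion.Core.Common.dll'

function Get-InstallDirs {
    $dirs = @()
    # Lookup 1: Orion\Core key, value InstallPath (native and Wow6432Node views).
    foreach ($key in 'HKLM:\SOFTWARE\SolarWinds\Orion\Core',
                     'HKLM:\SOFTWARE\Wow6432Node\SolarWinds\Orion\Core') {
        $p = (Get-ItemProperty -Path $key -Name InstallPath -ErrorAction SilentlyContinue).InstallPath
        if ($p) { $dirs += $p }
    }
    # Lookup 2: Uninstall subkeys, value InstallLocation.
    # ASSUMPTION: entries are matched on DisplayName; the page does not name the subkey.
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
                     'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall') {
        Get-ChildItem -Path $key -ErrorAction SilentlyContinue | ForEach-Object {
            $e = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            if ($e.DisplayName -like '*SolarWinds*' -and $e.InstallLocation) {
                $dirs += $e.InstallLocation
            }
        }
    }
    # Keep only directories that exist, without duplicates.
    $dirs | Where-Object { Test-Path -LiteralPath $_ } | Sort-Object -Unique
}

foreach ($dir in Get-InstallDirs) {
    # ASSUMPTION: the DLL may be in a subfolder, so search recursively.
    Get-ChildItem -LiteralPath $dir -Filter $DllName -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $vi = $_.VersionInfo
            # Build the version from numeric parts; FileVersion strings can carry extra text.
            $v = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                $vi.FileBuildPart, $vi.FilePrivatePart)
            [pscustomobject]@{
                Path        = $_.FullName
                FileVersion = $v
                Status      = if ($v -lt $PatchedVersion) { 'below patched version' } else { 'patched' }
            }
        }
}
```

An empty result means neither lookup found an install directory containing the DLL, which is also how the authenticated check would come up empty.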
Successful exploitation of this vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.
Customers are advised to refer to the SolarWinds Platform 2023.3 Release Notes.
- CVE-2023-23843: www.solarwinds.com/trust-center/security-advisories/cve-2023-23843
- CVE-2023-23844: www.solarwinds.com/trust-center/security-advisories/cve-2023-23844
- CVE-2023-33224: www.solarwinds.com/trust-center/security-advisories/cve-2023-33224
- CVE-2023-33225: www.solarwinds.com/trust-center/security-advisories/cve-2023-33225
- CVE-2023-33229: www.solarwinds.com/trust-center/security-advisories/cve-2023-33229
- CVE-2023-3622: www.solarwinds.com/trust-center/security-advisories/cve-2023-3622
CVEs related to QID 379209
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| CVE-2023-23843 | | | |
| CVE-2023-23844 | | | |
| CVE-2023-33224 | | | |
| CVE-2023-33225 | | | |
| CVE-2023-33229 | | | |
| CVE-2023-3622 | | | |