CVE-2020-10148
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SolarWinds | Orion Platform | 2019.4 HF 5 | affected |
| SolarWinds | Orion Platform | 2020.2 without hotfix | affected |
| SolarWinds | Orion Platform | 2020.2 HF 1 | affected |
Weaknesses
- CWE-288: CWE-288 Authentication Bypass Using an Alternate Path or Channel
ADP Enrichment
CVE Program Container
Additional References
- https://www.kb.cert.org/vuls/id/843464
- https://www.solarwinds.com/securityadvisory
- https://kb.cert.org/vuls/id/843464
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: yes
- Technical Impact: total
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.