Description

This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SaveUserSetting endpoint. The issue results from improper restriction of this endpoint to unprivileged users. An attacker can leverage this vulnerability to escalate privileges their privileges from Guest to Administrator. Was ZDI-CAN-11903.

Related CPE's

a

solarwinds

orion_platform

2020.2

-

Vulnerable

References

https://www.zerodayinitiative.com/advisories/ZDI-21-192/

Third Party AdvisoryVDB Entry

https://www.zerodayinitiative.com/advisories/ZDI-21-192/

Third Party AdvisoryVDB Entry

Weaknesses

[email protected]

Secondary
CWE-284

[email protected]

Primary
NVD-CWE-Other

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-04-14T14:15:13.877Z

4 years ago

Last modified

2024-11-21T04:57:42.483Z

1 year ago