In SolarWinds Log & Event Manager (LEM) prior to 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the restricted shell.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
solarwinds log \\& event manager 6.3.1 |