Published: 29/12/2020 Updated: 31/12/2020

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote malicious user to execute API commands. This vulnerability could allow a remote malicious user to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.

Vulnerable Product	Search on Vulmon	Subscribe to Product
solarwinds orion platform 2019.4
solarwinds orion platform 2020.2
solarwinds orion platform 2020.2.1

CVE-2020-10148 Solarwinds Orion Download CVE-2020-10148py wget gistgithubusercontentcom/0xsha/75616ef6f24067c4fb5b320c5dfa4965/raw/0d7db4f2ea5aacc0ada7b1a7b23f2ce8ba39315f/CVE-2020-10148py Looking Solarwinds Orion from Shodan wwwshodanio/search?query=httptitle%3Asolarwinds+httpfaviconhash%3A-1776962843 Running CVE-2020-10148py python CVE-2020-10148p

SolarWinds Orion API 远程代码执行漏洞批量检测脚本

使用方法&免责声明该脚本为SolarWinds Orion API 远程代码执行漏洞批量检测脚本（CVE-2020-10148）。使用方法：Python CVE-2020-10148py urlstxt urlstxt 中每个url为一行，漏洞地址输出在vultxt中影响版本： SolarWinds Orion 202021 HF 2 及 20194 HF 6之前的版本受此漏洞影响。工具仅用于安全人员安全

CVE-2020-10148 Solarwinds Orion Download CVE-2020-10148py wget gistgithubusercontentcom/0xsha/75616ef6f24067c4fb5b320c5dfa4965/raw/0d7db4f2ea5aacc0ada7b1a7b23f2ce8ba39315f/CVE-2020-10148py Looking Solarwinds Orion from Shodan wwwshodanio/search?query=httptitle%3Asolarwinds+httpfaviconhash%3A-1776962843 Running CVE-2020-10148py python CVE-2020-10148p

2020年发布到阿尔法实验室微信公众号的所有安全资讯汇总

欢迎关注阿尔法实验室微信公众号 20201231 [漏洞] 2020年增加的10个最严重的CVE blogdetectifycom/2020/12/30/top-10-critical-cves-added-in-2020/ Chromium RawClipboardHostImpl中的UAF漏洞 bugschromiumorg/p/chromium/issues/detail?id=1101509 [工具] Sarenka：OSINT工具，将来自shodan、censys等服务的数据集中在一处�

PoC in GitHub 2020 CVE-2020-0014 (2020-02-13) It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable This could lead to a local escalation of privilege with no additional execution privileges needed User action is needed for exploitationProduct: AndroidVersions: Android-80 Android-81 Android-9 Android-10Android

CWE-287 https://kb.cert.org/vuls/id/843464 https://www.solarwinds.com/securityadvisory https://github.com/rdoix/CVE-2020-10148-Solarwinds-Orion https://github.com/B1anda0/CVE-2020-10148 https://nvd.nist.gov https://kb.cert.org/vuls/id/843464 https://exchange.xforce.ibmcloud.com/vulnerabilities/193808

CVE-2020-10148

Vulnerability Summary

Vulnerability Trend

Github Repositories

References