CVE-2020-10148

Published: 29/12/2020 Updated: 31/12/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote malicious user to execute API commands, which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.

Vulnerable Product

solarwinds orion platform 2019.4

solarwinds orion platform 2020.2

solarwinds orion platform 2020.2.1

Github Repositories

CVE-2020-10148 Solarwinds Orion. Download CVE-2020-10148py: wget gistgithubusercontentcom/0xsha/75616ef6f24067c4fb5b320c5dfa4965/raw/0d7db4f2ea5aacc0ada7b1a7b23f2ce8ba39315f/CVE-2020-10148py. Looking Solarwinds Orion from Shodan: wwwshodanio/search?query=httptitle%3Asolarwinds+httpfaviconhash%3A-1776962843. Running CVE-2020-10148py: python CVE-2020-10148p

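SolarWinds Orion API remote code execution vulnerability batch detection script

Usage & disclaimer: This script is a batch detection script for the SolarWinds Orion API remote code execution vulnerability (CVE-2020-10148). Usage: Python CVE-2020-10148py urlstxt. Each URL in urlstxt is on its own line, and vulnerable addresses are written to vultxt. Affected versions: SolarWinds Orion versions before 2020.2.1 HF 2 and 2019.4 HF 6 are affected by this vulnerability. The tool is only for security personnel security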

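Summary of all security news published to the Alpha Lab WeChat official account in 2020

Welcome to follow the Alpha Lab WeChat official account. 20201231 [Vulnerability] The 10 most critical CVEs added in 2020: blogdetectifycom/2020/12/30/top-10-critical-cves-added-in-2020/ UAF vulnerability in Chromium RawClipboardHostImpl: bugschromiumorg/p/chromium/issues/detail?id=1101509 [Tool] Sarenka: an OSINT tool that gathers data from services such as shodan and censys in one place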

PoC in GitHub 2020. CVE-2020-0014 (2020-02-13): It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android