CVE-2020-10148

Published: 29/12/2020 Updated: 21/10/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote malicious user to execute API commands, which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.

Vulnerable Product

solarwinds orion platform 2019.4

solarwinds orion platform 2020.2.1

solarwinds orion platform 2020.2

GitHub Repositories

Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner. Painlessly integrate Jaeles into your recon workflow? Enjoying this tool? Support its development and take your game to the next level by using HunterSuite.io. Installation: Download precompiled version here. If you have a Go environment, mak

Default signature for Jaeles Scanner

This project was part of Osmedeus Engine. Check out how it was integrated at @OsmedeusEngine. This repo only contains Default Signatures for the Jaeles project. Pull requests or any ideas are welcome. Please read the Official Documentation here for writing your own signature. Installation: jaeles config init Or Try to c

CVE-2020-10148 Solarwinds Orion Download CVE-2020-10148py wget gistgithubusercontentcom/0xsha/75616ef6f24067c4fb5b320c5dfa4965/raw/0d7db4f2ea5aacc0ada7b1a7b23f2ce8ba39315f/CVE-2020-10148py Looking Solarwinds Orion from Shodan wwwshodanio/search?query=httptitle%3Asolarwinds+httpfaviconhash%3A-1776962843

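SolarWinds Orion API remote code execution vulnerability batch detection script

Usage & Disclaimer: This script is a batch detection script for the SolarWinds Orion API remote code execution vulnerability (CVE-2020-10148). Usage: Python CVE-2020-10148.py urls.txt, where urls.txt holds one URL per line and vulnerable addresses are written to vul.txt. Affected versions: SolarWinds Orion versions prior to 2020.2.1 HF 2 and 2019.4 HF 6 are affected by this vulnerability. This tool is only for security personnel's security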

The Swiss Army knife for automated Web Application Testing

Jaeles is a powerful, flexible and easily extensible framework written in Go for building your own Web Application Scanner. Installation: Download precompiled version here. If you have a Go environment, make sure you have Go >= 1.17 with Go Modules enabled and run the following command: go install github.com/jaeles-project/jaeles@latest
