CVE-2022-38108

Published: 20/10/2022 Updated: 28/03/2023
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 0

Vulnerability Summary

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.

Vulnerable Product

solarwinds orion platform 2020.2.6

solarwinds orion platform

solarwinds orion platform 2022.2

solarwinds orion platform 2022.3

Exploits

The SolarWinds Information Service (SWIS) is vulnerable to remote code execution by way of a crafted message received through the AMQP message queue. A malicious user that can authenticate to the AMQP service can publish such a crafted message whose body is a serialized .NET object, which can lead to OS command execution as NT AUTHORITY\SYSTEM ...