vulnerability
SolarWinds Orion Platform: Unrestricted File Upload Causing Remote Code Execution (CVE-2021-35244)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:S/C:C/I:C/A:C) | Dec 20, 2021 | Feb 24, 2022 | Mar 21, 2022 |
Severity
9
CVSS
(AV:N/AC:M/Au:S/C:C/I:C/A:C)
Published
Dec 20, 2021
Added
Feb 24, 2022
Modified
Mar 21, 2022
Description
The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution.
Solution
solarwinds-orion-platform-upgrade-2020_2_6
References
- CVE-2021-35244
- https://attackerkb.com/topics/CVE-2021-35244
- URL-https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm
- URL-https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3?language=en_US
- URL-https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35242
- URL-https://www.zerodayinitiative.com/advisories/ZDI-22-375/
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.