Description
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Affected products
- SolarWinds / Orion Platform 2019.4 HF 5
- SolarWinds / Orion Platform 2020.2 without hotfix
- SolarWinds / Orion Platform 2020.2 HF 1
Exploits & PoCs
- nuclei: SolarWinds Orion API - Auth Bypass, by dwisiswant0