The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.

Threat-Mapped Scoring

Score: 3.0

Priority: P2 - Serious (High)

• S1 – Steal Customer Account Information

EPSS

Score: 0.94345
Percentile: 0.99948

CVSS Scoring

KEV is present

Mapped CWE(s)

• CWE-288 : Authentication Bypass Using an Alternate Path or Channel
• CWE-306 : Missing Authentication for Critical Function

All CAPEC(s)

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

• T1083 : File and Directory Discovery
  Kill Chain: discovery
• T1211 : Exploitation for Defense Evasion
  Kill Chain: defense-evasion
• T1542.002 : Component Firmware
  Kill Chain: persistence
• T1556 : Modify Authentication Process
  Kill Chain: credential-access

Malware

APTs Threat Group Associations

Campaigns

Affected Products

• cpe:2.3:a:solarwinds:orion_platform:2019.4:hotfix5:*:*:*:*:*:*
• cpe:2.3:a:solarwinds:orion_platform:2020.2:-:*:*:*:*:*:*
• cpe:2.3:a:solarwinds:orion_platform:2020.2.1:hotfix1:*:*:*:*:*:*

← Back to Home