SB2021122101 - Multiple vulnerabilities in SolarWinds Orion Platform
Published: December 21, 2021 Updated: December 27, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 vulnerabilities.
1) Improper access control (CVE-ID: CVE-2021-35248)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to improper access restrictions. Any Orion user, including a guest account, can query the Orion.UserSettings entity and enumerate users and their basic settings.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-35244)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to escalate privileges within the application.
The vulnerability exists due to application does not properly impose security restrictions. A remote user with Orion alert management rights can use this vulnerability to perform an unrestricted file upload causing a remote code execution.
3) SQL injection (CVE-ID: CVE-2021-35234)
CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can send a specially crafted request to the affected application and exfiltrate data from the application database. Successful exploitation of the vulnerability may lead to privilege escalation.
Remediation
Install update from vendor's website.
References
- https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3
- https://documentation.solarwinds.com/en/Success_Center/orionplatform/content/core-secure-configuration.htm
- https://www.solarwinds.com/trust-center/security-advisories/CVE-2021-35248
- https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2020-2-6-Hotfix-3?language=en_US
- https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35242
- https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35234
- https://www.zerodayinitiative.com/advisories/ZDI-21-1604/
- https://www.zerodayinitiative.com/advisories/ZDI-21-1603/
- https://www.zerodayinitiative.com/advisories/ZDI-21-1602/
- https://www.zerodayinitiative.com/advisories/ZDI-21-1601/
- https://www.zerodayinitiative.com/advisories/ZDI-21-1600/
- https://www.zerodayinitiative.com/advisories/ZDI-21-1599/
- https://www.zerodayinitiative.com/advisories/ZDI-21-1598/
- https://www.zerodayinitiative.com/advisories/ZDI-21-1597/
- https://www.zerodayinitiative.com/advisories/ZDI-21-1596/