#VU49921 Input validation error in Orion Platform and Orion Network Performance Monitor - CVE-2020-14005

Cybersecurity Help s.r.o.

Published: 2021-01-22

Vulnerability identifier: #VU49921

Vulnerability risk: Medium

CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:U/U:Green]

CVE-ID: CVE-2020-14005

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Orion Platform
Server applications / Remote management servers, RDP, SSH
Orion Network Performance Monitor
Web applications / Other software

Vendor: SolarWinds

Description

The vulnerability allows a remote user to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input within the ExecuteVBScript and ExecuteExternalProgram methods in SolarWinds Network Performance Monitor. A remote authenticated user can pass specially crafted input to the application and execute arbitrary code with SYSTEM privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Orion Platform: 2019.2 HF 1 - 2020.2.1

Orion Network Performance Monitor: 2019.4 Hotfix 1 - 2020.2

External links
https://gist.github.com/alert3/c9dcce5474e55f408c93c086c30cdbb7
https://www.zerodayinitiative.com/advisories/ZDI-21-063/
https://www.zerodayinitiative.com/advisories/ZDI-21-065/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in SolarWinds Orion Platform and Network Performance Monitor