Vulnerability identifier: #VU49924

Vulnerability risk: Medium

CVSSv3.1: 7.6 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-27871

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Orion Platform
Server applications / Remote management servers, RDP, SSH
Orion Network Performance Monitor
Web applications / Other software

Vendor: SolarWinds

Description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within VulnerabilitySettings.aspx in SolarWinds Network Performance Monitor. A remote user can send a specially crafted HTTP request and create arbitrary files on the system in arbitrary directories.

Successful exploitation of the vulnerability can lead to arbitrary code execution in the context of SYSTEM account.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Orion Platform: 2019.2 - 2020.2.1 HF 1

Orion Network Performance Monitor: 2019.4 - 2020.2 Hotfix 1

---

External links
http://www.zerodayinitiative.com/advisories/ZDI-21-067/

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.