#VU57863 Permissions, Privileges, and Access Controls in Orion Network Performance Monitor - CVE-2021-35225

 

Published: November 2, 2021


Vulnerability identifier: #VU57863
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-35225
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Orion Network Performance Monitor
Software vendor: SolarWinds

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists because each authenticated Orion user in an MSP (Managed Service Provider) environment can view and browse all NetPath Services from all of the MSP's customers. A remote authenticated attacker can gain limited insight into other customers' infrastructure and cause potential data cross-contamination.


Remediation

Install updates from the vendor's website.

External links