Severity
High
Analysis Summary
CVE-2021-27240
SolarWinds Patch Manager could allow a local authenticated attacker to gain elevated privileges on the system because of unsafe deserialization in the DataGridService WCF service. By sending specially crafted input, an authenticated attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code in the context of Administrator.
Impact
Privilege escalation
Affected Vendors
SolarWinds
Affected Products
SolarWinds Patch Manager 2020.2
Remediation
Upgrade to the latest version of Patch Manager (2020.2.4 or later).