Rewterz Threat Advisory – Multiple Solarwinds Products Vulnerabilities

March 13, 2023

Severity

High

Analysis Summary

CVE-2021-35234 CVSS:8

Solarwinds Orion is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to multiple functions, which could allow the attacker to view, add, modify or delete information in the back-end database.

CVE-2021-35218 CVSS:8.9

SolarWinds Orion Platform could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw in the Chart Endpoint. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-35217 CVSS:8.9

SolarWinds Patch Manager could allow a remote authenticated attacker to execute arbitrary code on the system, caused by the insecure deserialization of untrusted data in the Orion Platform Integration module. By executing WSAsyncExecuteTasks deserialization of untrusted data, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-35216 CVSS:8.9

SolarWinds Patch Manager could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-35215 CVSS:8.9

SolarWinds Orion Platform could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-35213 CVSS:8.8

SolarWinds Orion Platform could allow a remote authenticated attacker to gain elevated privileges on the system, caused by an improper access control in the User Setting. By sending a specially-crafted request, an attacker could exploit this vulnerability to elevate privileges.

CVE-2021-35212 CVSS:8.9

SolarWinds Orion Platform is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to perform read/write over the Orion database content including the Orion certificate for any authenticated user.

CVE-2021-27258 CVSS:9.8

Solarwinds Orion Platform could allow a remote attacker to gain elevated privileges on the system, caused by improper restriction of the SaveUserSetting endpoint. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain elevated privileges.

CVE-2020-27871 CVSS:7.2

SolarWinds Network Performance Monitor could allow a remote authenticated attacker to traverse directories on the system, caused by improper validation of user request. An attacker could send a specially-crafted URL request to the VulnerabilitySettings.aspx script containing “dot dot” sequences (/../) to execute arbitrary code in the context of SYSTEM.

CVE-2020-27870 CVSS:7.5

SolarWinds Network Performance Monitor could allow a remote attacker to traverse directories on the system, caused by improper validation of user request. An attacker could send a specially-crafted URL request to the ExportToPDF.aspx script containing “dot dot” sequences (/../) to view arbitrary files in the context of SYSTEM.

CVE-2020-27869 CVSS:8.8

SolarWinds Network Performance Monitor could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the WriteToFile method. By sending specially-crafted SQL queries, an authenticated attacker could exploit this vulnerability to gain elevated privileges and reset the password for the Admin user.