Rewterz Threat Advisory – CVE-2019-1552 – Veritas Backup Exec privilege escalation Vulnerability
December 26, 2020Rewterz Threat Advisory – CVE-2020-2504 – QNAP QES directory traversal
December 28, 2020Rewterz Threat Advisory – CVE-2019-1552 – Veritas Backup Exec privilege escalation Vulnerability
December 26, 2020Rewterz Threat Advisory – CVE-2020-2504 – QNAP QES directory traversal
December 28, 2020Severity
High
Analysis Summary
The SolarWinds Orion API is vulnerable to authentication bypass that could allow a remote attacker to execute API commands. The SolarWinds Orion API is embedded into the Orion Core and is used to interface with all SolarWinds Orion Platform products. API authentication can be bypassed by including specific parameters in the Request.PathInfo portion of a URI request, which could allow an attacker to execute unauthenticated API commands. In particular, if an attacker appends a PathInfo parameter of WebResource.adx, ScriptResource.adx, i18n.ashx, or Skipi18n to a request to a SolarWinds Orion server, SolarWinds may set the SkipAuthorization flag, which may allow the API request to be processed without requiring authentication.
Impact
- Remote command execution
- System compromise
Affected Vendors
SolarWinds
Remediation
Refer to vendor’s advisory for the complete list of affected products and their respective patches.