
Solarwinds vulnerability

Every week, our global community of hand-picked Detectify Crowdsource ethical hackers submit new vulnerabilities that we make available to our users as automated security tests. In the new series Vuln of the Month, we deep-dive into an especially interesting vulnerability that was added to our scanner in the past month. First up: CVE-2020-10148, SolarWinds Orion Authentication Bypass.

In January, Detectify added a security test for CVE-2020-10148, SolarWinds Orion Authentication Bypass. This critical zero-day vulnerability was used by attackers to deliver malware, dubbed Supernova, to take control of affected systems in the recent major attack on software provider SolarWinds.

SolarWinds' Orion system provides centralized monitoring across an organization's entire IT stack. According to SEC documents, Orion is used by 33,000 customers, among them US government agencies and major private corporations. The vulnerability, submitted by one of the ethical hackers in our Detectify Crowdsource network, could allow an attacker to bypass authentication and execute API commands, which could result in a compromise of the SolarWinds instance.

How this vulnerability can be exploited

API authentication can be bypassed by including specific parameters in the Request.PathInfo portion of a URI request, which could allow an attacker to execute unauthenticated API commands. In particular, if an attacker appends a PathInfo parameter of WebResource.axd, ScriptResource.axd, i18n.ashx, or Skipi18n to a request to a SolarWinds Orion server, SolarWinds may set the SkipAuthorization flag, which may allow the API request to be processed without requiring authentication.

Find vulnerabilities that you thought were fixed and more with Detectify. If you are running SolarWinds Orion, Detectify will scan your application for CVE-2020-10148 SolarWinds Orion Authentication Bypass and alert you if it is detected. Begin a free 2-week trial and go hack yourself.

Several UI elements in SolarWinds Orion Platform utilize controls to render customized ASP.NET pages. To load the content of these custom controls, the application sends a POST request to the endpoint "/Orion/RenderControl.aspx". This endpoint reads the type of the control from the Control parameter and the control's properties from the config parameter. These parameters can be submitted either via the request-URI query or via a JSON object in the HTTP body of the request. When the endpoint processes the request, it first loads the requested control, then sets each of the control's properties as set in the config parameter. The control parameters are set by invoking the setter function associated with each property.

An insecure deserialization vulnerability exists in SolarWinds Orion Platform. The vulnerability is due to a lack of sanitization of parameters sent to the RenderControl.aspx endpoint. This endpoint allows loading an arbitrary control, and setting properties of that control to arbitrary values. Due to the fact there is no check to see if a given control property setter method is safe to be invoked, a malicious control, such as an instance of the .ActionPluginBaseView class with a crafted ViewContextJsonString property, may be sent by an attacker. This results in invocation of the ParseViewContext() method on the malicious property, which in turn calls the JsonConvert.DeserializeObject() method to deserialize the property as . if the EnviromentType property is set to "Alerting", or as . if the EnviromentType property is set to "Reporting". Both of these classes inherit from ., which can be leveraged to achieve remote code execution using the known gadget chain used in the public exploit for CVE-2021-31474.

A remote, authenticated attacker can exploit this vulnerability by sending a crafted serialized object to the target server.
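As an added example (not code from Detectify, Tenable or SolarWinds), a small Python detector for web-server access logs that flags the two request shapes described above: a SkipAuthorization PathInfo marker sitting deeper in the path than a handler would normally live, and a RenderControl.aspx call whose parameters name the ActionPluginBaseView control or the ViewContextJsonString property. The reduced log field order, the list of legitimate handler directories and the log lines themselves are assumptions constructed for the example.

```python
from urllib.parse import unquote, parse_qs

# PathInfo markers named in the CVE-2020-10148 write-up above.
SKIPAUTH_MARKERS = ("WebResource.axd", "ScriptResource.axd", "i18n.ashx", "Skipi18n")
# Assumption: the legitimate locations for the .axd/.ashx handlers are the site root
# and the Orion application root; a marker deeper in the path sits in Request.PathInfo.
LEGIT_HANDLER_DIRS = ("/", "/orion/")
RENDER_CONTROL = "/orion/rendercontrol.aspx"
# Class and property names from the deserialization write-up above.
RENDER_CONTROL_MARKERS = ("ActionPluginBaseView", "ViewContextJsonString")


def classify_request(uri_stem: str, query: str) -> list:
    """Return findings for one request; an empty list means nothing matched."""
    findings = []
    low = unquote(uri_stem).lower()
    for marker in SKIPAUTH_MARKERS:
        idx = low.find(marker.lower())
        if idx == -1:
            continue
        parent = low[:idx]  # directory part before the marker
        if marker == "Skipi18n" or parent not in LEGIT_HANDLER_DIRS:
            findings.append(f"SkipAuthorization PathInfo marker {marker} in {uri_stem}")
            break
    if low.rstrip("/") == RENDER_CONTROL:
        params = parse_qs(query, keep_blank_values=True)
        control = params.get("Control", [""])[0]
        blob = control + " " + params.get("config", [""])[0]
        if any(m in blob for m in RENDER_CONTROL_MARKERS):
            findings.append(f"RenderControl deserialization marker, Control={control}")
    return findings


# Constructed log lines, reduced IIS W3C field order:
# cs-method cs-uri-stem cs-uri-query sc-status ("-" = empty query).
SAMPLE_LOG = """\
GET /Orion/Login.aspx - 200
GET /Orion/WebResource.axd d=abc 200
GET /Orion/Services/Example.asmx/WebResource.axd q=1 200
POST /Orion/RenderControl.aspx Control=~/Orion/Example/Controls/Widget.ascx 200
POST /Orion/RenderControl.aspx Control=ActionPluginBaseView&config=%7B%22ViewContextJsonString%22%3A%22...%22%7D 200
"""


def scan_log(text: str) -> list:
    """Run classify_request over each line; return (line_no, finding) pairs."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        _method, stem, query, _status = line.split(" ", 3)
        hits.extend((n, f) for f in classify_request(stem, "" if query == "-" else query))
    return hits
```

Running scan_log(SAMPLE_LOG) reports lines 3 and 5 only; the legitimate /Orion/WebResource.axd fetch and the ordinary RenderControl call on line 4 stay quiet.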