|
|
|||
| Rule General Information |
|---|
| Release Date: | 2020-12-30 | |
| Rule Name: | SolarWinds Orion Authentication Bypass Vulnerability (CVE-2020-10148) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected. | |
| Impact: | An attacker could exploit this vulnerability to execute API commands. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://kb.cert.org/vuls/id/843464 https://www.solarwinds.com/securityadvisory |
|
| Solutions |
|---|
| Update software to 2020.2.1HF2 or 2019.4HF6. |