SolarWinds Orion Platform prior 2020.2.4 MSMQ permission

entryeditHistoryDiffjsonxmlCTI

A vulnerability, which was classified as very critical, was found in SolarWinds Orion Platform. Affected is an unknown function of the component MSMQ. Upgrading to version 2020.2.4 eliminates this vulnerability.

Field02/04/2021 10:45 AM02/23/2021 01:19 PM
vendorSolarWindsSolarWinds
nameOrion PlatformOrion Platform
componentMSMQMSMQ
cwe275 (privilege escalation)275 (privilege escalation)
risk22
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiNN
cvss3_vuldb_cHH
cvss3_vuldb_iHH
cvss3_vuldb_aHH
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
identifierhttps:/www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/full-system-control-with-new-solarwinds-orion-based-and-serv-u-ftp-vulnerabilities/https:/www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/full-system-control-with-new-solarwinds-orion-based-and-serv-u-ftp-vulnerabilities/
nameUpgradeUpgrade
upgrade_version2020.2.42020.2.4
cveCVE-2021-25274CVE-2021-25274
date1612393200 (02/04/2021)1612393200 (02/04/2021)
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_auNN
cvss2_vuldb_ciCC
cvss2_vuldb_iiCC
cvss2_vuldb_aiCC
cvss2_vuldb_rcCC
cvss2_vuldb_rlOFOF
cvss2_vuldb_eNDND
cvss3_vuldb_sUU
cvss3_vuldb_eXX
cvss2_vuldb_basescore10.010.0
cvss2_vuldb_tempscore10.08.7
cvss3_vuldb_basescore9.89.8
cvss3_vuldb_tempscore9.89.4
cvss3_meta_basescore9.89.8
cvss3_meta_tempscore9.89.4
price_0day$0-$5k$0-$5k
cve_assigned1610665200
cve_nvd_summaryThe Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon processing of such messages, the service deserializes them in insecure manner, allowing remote arbitrary code execution as LocalSystem.

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!