The specific flaw exists within the WriteToFile method. Authentication is required to exploit this vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. The specific flaw exists within the SolarWinds.Serialization library. Authentication is not required to exploit this vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. This can lead to any user having a limited insight into other customer's infrastructure and potential data cross-contamination. Vulnerabilities for 'Network performance monitor'Įach authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers.
0 Comments
Leave a Reply. |