SolarWinds Orion LFI Vulnerability SUPERNOVA CVE-2020-10148 Scanner

Details
Stay Up To Date
Asset Type

DOMAIN,IP,URL

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

30

SolarWinds Orion LFI Vulnerability SUPERNOVA CVE-2020-10148 Scanner Detail

The SolarWinds Orion API is vulnerable to authentication bypass that could allow a remote attacker to execute API commands.

What is SolarWinds Orion Platform?

The SolarWinds Orion Platform is a suite of infrastructure and system monitoring and management products. The SolarWinds Orion API is embedded into the Orion Core and is used to interface with all SolarWinds Orion Platform products.

Vulnerability

The SolarWinds Orion API authentication can be bypassed by including specific parameters in the Request.PathInfo portion of a URI request, which could allow an attacker to execute unauthenticated API commands. In particular, if an attacker appends a PathInfo parameter of WebResource.axd, ScriptResource.axd, i18n.ashx, or Skipi18n to a request to a SolarWinds Orion server, SolarWinds may set the SkipAuthorization flag, which may allow the API request to be processed without requiring authentication.

Some Advice for Common Problems

Users should update to the relevant versions of the SolarWinds Orion Platform:

  1. 2019.4 HF 6 (released December 14, 2020)
  2. 2020.2.1 HF 2 (released December 15, 2020)
  3. 2019.2 SUPERNOVA Patch (released December 23, 2020)
  4. 2018.4 SUPERNOVA Patch (released December 23, 2020)
  5. 2018.2 SUPERNOVA Patch (released December 23, 2020)
More information can be found in the SolarWinds Security Advisory.

Especially in cases when updates cannot be installed, we recommend that users implement these mitigations to harden the IIS server.

Community Discussions

Need a Full Assesment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service