First published: Wed Apr 12 2017(Updated: )
In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker can escape from the restricted shell.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Solarwinds Log \& Event Manager | =6.3.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.