First published: Sun Dec 13 2020(Updated: )
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.
Credit: cret@cert.org cret@cert.org
Affected Software | Affected Version | How to fix |
---|---|---|
SolarWinds Orion Platform | =2019.4-hotfix5 | |
SolarWinds Orion Platform | =2020.2 | |
SolarWinds Orion Platform | =2020.2.1-hotfix1 | |
SolarWinds Orion | ||
=2019.4-hotfix5 | ||
=2020.2 | ||
=2020.2.1-hotfix1 |
Users should update to the relevant versions of the SolarWinds Orion Platform: 2019.4 HF 6 (released December 14, 2020) 2020.2.1 HF 2 (released December 15, 2020) 2019.2 SUPERNOVA Patch (released December 23, 2020) 2018.4 SUPERNOVA Patch (released December 23, 2020) 2018.2 SUPERNOVA Patch (released December 23, 2020)
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-10148 is a vulnerability in SolarWinds Orion that allows an attacker to bypass authentication and execute API commands.
Check if you are using SolarWinds Orion 2019.4-hotfix5, 2020.2, or 2020.2.1-hotfix1.
CVE-2020-10148 has a severity level of 9.8, which is considered critical.
An attacker can exploit CVE-2020-10148 by bypassing authentication and executing API commands remotely.
You can find more information about CVE-2020-10148 in the CERT Vulnerability Note and SolarWinds security advisory.