Exploited
CWE
287 288
Advisory Published
Updated

CVE-2020-10148: SolarWinds Orion Authentication Bypass Vulnerability

First published: Sun Dec 13 2020(Updated: )

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.

Credit: cret@cert.org cret@cert.org

Affected SoftwareAffected VersionHow to fix
SolarWinds Orion Platform=2019.4-hotfix5
SolarWinds Orion Platform=2020.2
SolarWinds Orion Platform=2020.2.1-hotfix1
SolarWinds Orion
=2019.4-hotfix5
=2020.2
=2020.2.1-hotfix1

Remedy

Users should update to the relevant versions of the SolarWinds Orion Platform: 2019.4 HF 6 (released December 14, 2020) 2020.2.1 HF 2 (released December 15, 2020) 2019.2 SUPERNOVA Patch (released December 23, 2020) 2018.4 SUPERNOVA Patch (released December 23, 2020) 2018.2 SUPERNOVA Patch (released December 23, 2020)

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2020-10148?

    CVE-2020-10148 is a vulnerability in SolarWinds Orion that allows an attacker to bypass authentication and execute API commands.

  • How do I know if my SolarWinds Orion instance is affected?

    Check if you are using SolarWinds Orion 2019.4-hotfix5, 2020.2, or 2020.2.1-hotfix1.

  • What is the severity level of CVE-2020-10148?

    CVE-2020-10148 has a severity level of 9.8, which is considered critical.

  • How can this vulnerability be exploited?

    An attacker can exploit CVE-2020-10148 by bypassing authentication and executing API commands remotely.

  • Where can I find more information about CVE-2020-10148?

    You can find more information about CVE-2020-10148 in the CERT Vulnerability Note and SolarWinds security advisory.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203