First published: Wed Apr 14 2021
This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SaveUserSetting endpoint. The issue results from improper restriction of this endpoint to unprivileged users. An attacker can leverage this vulnerability to escalate their privileges from Guest to Administrator. Was ZDI-CAN-11903.
Credit: zdi-disclosures@trendmicro.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SolarWinds Orion Platform | =2020.2 | |
The vulnerability ID is CVE-2021-27258.
The severity of CVE-2021-27258 is critical with a CVSS score of 9.8.
The affected software for CVE-2021-27258 is SolarWinds Orion Platform 2020.2.
Remote attackers can exploit CVE-2021-27258 without requiring authentication.
Please refer to the vendor's security advisory for information on available fixes for CVE-2021-27258.