CVE-2021-35212: SolarWinds Orion Network Performance Monitor DisableNOCView SQL Injection Privilege Escalation Vulnerability
First published: Tue Aug 31 2021(Updated: )
An SQL injection Privilege Escalation Vulnerability was discovered in the Orion Platform reported by the ZDI Team. A blind Boolean SQL injection which could lead to full read/write over the Orion database content including the Orion certificate for any authenticated user.
Credit: psirt@solarwinds.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SolarWinds Orion Platform | =2019.2 | |
| SolarWinds Orion Platform | =2019.4 | |
| SolarWinds Orion Platform | =2020.2.1 | |
| SolarWinds Orion Platform | =2020.2.4 | |
| SolarWinds Orion Platform | =2020.2.5 | |
Remedy
SolarWinds has identified a fix for this vulnerability and included the fix in Orion Platform 2020.2.5 Hotfix 1 and, In addition, backported the fixes to Orion Platform 2019.4.2 and 2019.2 HF4,respectively.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm
- https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm
- https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35212
- https://www.zerodayinitiative.com/advisories/ZDI-21-1243/
Frequently Asked Questions
What is CVE-2021-35212?
CVE-2021-35212 is a vulnerability that allows remote attackers to escalate privileges on affected installations of SolarWinds Orion Network Performance Monitor.
How severe is CVE-2021-35212?
CVE-2021-35212 has a severity rating of 8.8 (critical).
How does CVE-2021-35212 work?
CVE-2021-35212 exploits a flaw within the DisableNOCView method in SolarWinds Orion Network Performance Monitor, which results in the lack of proper input validation and allows for SQL injection and privilege escalation.
What versions of SolarWinds Orion Platform are affected by CVE-2021-35212?
CVE-2021-35212 affects the 2019.2, 2019.4, 2020.2.1, 2020.2.4, and 2020.2.5 versions of SolarWinds Orion Platform.
How can I fix CVE-2021-35212?
To fix CVE-2021-35212, update SolarWinds Orion Platform to a non-vulnerable version and follow the secure configuration guidelines provided by SolarWinds.
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/title
- agent/author
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-21-1243
- alias/ZDI-CAN-13460
- alias/CVE-2021-35212
- agent/software-canonical-lookup
- agent/event
- agent/trending
- agent/tags
- agent/source
- vendor/solarwinds
- canonical/solarwinds orion platform
- version/solarwinds orion platform/2019.2
- version/solarwinds orion platform/2019.4
- version/solarwinds orion platform/2020.2.1
- version/solarwinds orion platform/2020.2.4
- version/solarwinds orion platform/2020.2.5
- canonical/solarwinds orion network performance monitor