vulnerability

SolarWinds Orion Platform: Escalate privileges on affected installations (CVE-2021-27258)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Apr 14, 2021	Apr 27, 2021	Apr 27, 2021

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Apr 14, 2021

Added

Apr 27, 2021

Modified

Apr 27, 2021

Description

This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SaveUserSetting endpoint. The issue results from improper restriction of this endpoint to unprivileged users. An attacker can leverage this vulnerability to escalate privileges their privileges from Guest to Administrator. Was ZDI-CAN-11903.

Solution

solarwinds-orion-platform-upgrade-latest

References

CVE-2021-27258
https://attackerkb.com/topics/CVE-2021-27258
URL-https://www.zerodayinitiative.com/advisories/ZDI-21-192/

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today