Lucene search

SolarWindsCVE-2022-36963

HistoryApr 21, 2023 - 8:15 p.m.

CVE-2022-36963

2023-04-2120:15:07

CWE-94

SolarWinds

web.nvd.nist.gov

solarwinds

platform

command injection

vulnerability

remote code execution

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

44.7%

JSON

The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands.

Affected configurations

Nvd

Node

solarwindsorion_platformRange<2023.2

VendorProductVersionCPE
solarwindsorion_platform*cpe:2.3:a:solarwinds:orion_platform:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
solarwinds	orion_platform	*	cpe:2.3:a:solarwinds:orion_platform::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SolarWinds Platform",
    "vendor": "SolarWinds Platform Command Injection Vulnerability",
    "versions": [
      {
        "lessThanOrEqual": "2023.2",
        "status": "affected",
        "version": "2023.1 and prior versions",
        "versionType": "custom"
      }
    ]
  }
]

References

documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm

www.solarwinds.com/trust-center/security-advisories/cve-2022-36963

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

44.7%

JSON

Related for CVE-2022-36963