Lucene search
SolarWindsCVE-2022-38108HistoryOct 20, 2022 - 9:15 p.m.
CVE-2022-38108
2022-10-2021:15:10
CWE-502
SolarWinds
web.nvd.nist.gov
52
9
solarwinds
platform
vulnerability
remote code execution
nvd
cve-2022-38108
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
7.3
Confidence
High
EPSS
0.038
Percentile
92.1%
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
Affected configurations
Node
solarwindsorion_platformRange<2020.2.6
ORsolarwindsorion_platformMatch2020.2.6-
ORsolarwindsorion_platformMatch2020.2.6hotfix1
ORsolarwindsorion_platformMatch2020.2.6hotfix2
ORsolarwindsorion_platformMatch2020.2.6hotfix3
ORsolarwindsorion_platformMatch2020.2.6hotfix4
ORsolarwindsorion_platformMatch2020.2.6hotfix5
ORsolarwindsorion_platformMatch2022.2
ORsolarwindsorion_platformMatch2022.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| solarwinds | orion_platform | * | cpe:2.3:a:solarwinds:orion_platform:*:*:*:*:*:*:*:* |
| solarwinds | orion_platform | 2020.2.6 | cpe:2.3:a:solarwinds:orion_platform:2020.2.6:-:*:*:*:*:*:* |
| solarwinds | orion_platform | 2020.2.6 | cpe:2.3:a:solarwinds:orion_platform:2020.2.6:hotfix1:*:*:*:*:*:* |
| solarwinds | orion_platform | 2020.2.6 | cpe:2.3:a:solarwinds:orion_platform:2020.2.6:hotfix2:*:*:*:*:*:* |
| solarwinds | orion_platform | 2020.2.6 | cpe:2.3:a:solarwinds:orion_platform:2020.2.6:hotfix3:*:*:*:*:*:* |
| solarwinds | orion_platform | 2020.2.6 | cpe:2.3:a:solarwinds:orion_platform:2020.2.6:hotfix4:*:*:*:*:*:* |
| solarwinds | orion_platform | 2020.2.6 | cpe:2.3:a:solarwinds:orion_platform:2020.2.6:hotfix5:*:*:*:*:*:* |
| solarwinds | orion_platform | 2022.2 | cpe:2.3:a:solarwinds:orion_platform:2022.2:*:*:*:*:*:*:* |
| solarwinds | orion_platform | 2022.3 | cpe:2.3:a:solarwinds:orion_platform:2022.3:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "SolarWinds",
"product": "SolarWinds Platform",
"versions": [
{
"version": "unspecified",
"lessThanOrEqual": "2022.3 and prior versions",
"status": "affected",
"versionType": "custom"
}
]
},
{
"vendor": "SolarWinds",
"product": "Orion Platform",
"versions": [
{
"version": "unspecified",
"lessThanOrEqual": "2020.2.6 HF5 and prior versions",
"status": "affected",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
metasploit
metasploit
SolarWinds Information Service (SWIS) .NET Deserialization From AMQP RCE
2023-03-23 21:28:58
zdi
zdi
cvelist
cvelist
CVE-2022-38108 SolarWinds Platform Deserialization of Untrusted Data
2022-10-20 20:11:25
packetstorm
packetstorm
SolarWinds Information Service (SWIS) Remote Command Execution
2023-03-28 00:00:00
prion
prion
Deserialization of untrusted data
2022-10-20 21:15:00
nvd
nvd
CVE-2022-38108
2022-10-20 21:15:10
zdt
zdt
SolarWinds Information Service (SWIS) Remote Command Execution Exploit
2023-03-28 00:00:00
rapid7blog
rapid7blog
Metasploit Weekly Wrap-up
2023-03-31 16:54:52
nessus
nessus
SolarWinds Orion Platform < 2022.4 Multiple Vulnerabilities
2022-10-27 00:00:00
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
7.3
Confidence
High
EPSS
0.038
Percentile
92.1%
Related for CVE-2022-38108