Lucene search
CertccVULNRICHMENT:CVE-2020-10148HistoryDec 29, 2020 - 9:55 p.m.
CVE-2020-10148 SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands
2020-12-2921:55:16
CWE-288
certcc
github.com
3
solarwinds
orion
api
authentication
bypass
vulnerability
remote attacker
execute
commands
compromise
instance
versions 2019.4 hf 5
2020.2 hf 1
AI Score
7.6
Confidence
Low
EPSS
0.972
Percentile
99.9%
SSVC
Exploitation
active
Automatable
yes
Technical Impact
total
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:solarwinds:orion_platform:2019.4:hotfix5:*:*:*:*:*:*"
],
"vendor": "solarwinds",
"product": "orion_platform",
"versions": [
{
"status": "affected",
"version": "2019.4"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:solarwinds:orion_platform:2020.2.1:-:*:*:*:*:*:*"
],
"vendor": "solarwinds",
"product": "orion_platform",
"versions": [
{
"status": "affected",
"version": "2020.2.1"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:solarwinds:orion_platform:2020.2:hotfix1:*:*:*:*:*:*"
],
"vendor": "solarwinds",
"product": "orion_platform",
"versions": [
{
"status": "affected",
"version": "2020.2"
}
],
"defaultStatus": "unknown"
}
]Related
prion
prion
Authentication flaw
2020-12-29 22:15:00
malwarebytes
malwarebytes
SUPERNOVA malware discovered on SolarWinds Orion server
2021-04-23 14:00:12
thn
thn
Hackers Exploit VPN to Deploy SUPERNOVA malware on SolarWinds Orion
2021-04-23 05:51:00
A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware
2020-12-27 06:24:00
SolarWinds Hack — New Evidence Suggests Potential Links to Chinese Hackers
2021-03-09 09:58:00
checkpoint_advisories
checkpoint_advisories
SolarWinds Orion Platform Authentication Bypass (CVE-2020-10148)
2021-11-28 00:00:00
cisa_kev
cisa_kev
SolarWinds Orion Authentication Bypass Vulnerability
2021-11-03 00:00:00
nessus
nessus
nvd
nvd
CVE-2020-10148
2020-12-29 22:15:12
githubexploit
githubexploit
Exploit for Improper Authentication in Solarwinds Orion Platform
2021-01-03 05:35:07
Exploit for Improper Authentication in Solarwinds Orion Platform
2020-12-29 03:17:56
Exploit for Improper Authentication in Solarwinds Orion Platform
2021-01-05 13:42:36
rapid7blog
rapid7blog
SolarWinds SUNBURST Backdoor Supply Chain Attack: What You Need to Know
2020-12-14 18:23:26
attackerkb
attackerkb
CVE-2020-10148 SolarWinds Orion API authentication bypass and RCE
2020-12-29 00:00:00
nuclei
nuclei
SolarWinds Orion API - Auth Bypass
2020-12-29 07:32:08
cert
cert
SolarWinds Orion API authentication bypass allows remote command execution
2020-12-26 00:00:00
cvelist
cvelist
cve
cve
CVE-2020-10148
2020-12-29 22:15:12
qualysblog
qualysblog
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR
2022-02-23 05:39:00
AI Score
7.6
Confidence
Low
EPSS
0.972
Percentile
99.9%
SSVC
Exploitation
active
Automatable
yes
Technical Impact
total
Related for VULNRICHMENT:CVE-2020-10148