Lucene search
Piotr Bazydlo (@chudypb)ZDI-21-602HistorySep 20, 2021 - 12:00 a.m.
SolarWinds Network Performance Monitor FromJson Deserialization of Untrusted Data Remote Code Execution Vulnerability
2021-09-2000:00:00
Piotr Bazydlo (@chudypb)
www.zerodayinitiative.com
35
solarwinds
network performance monitor
untrusted data
code execution
authentication
serialization library
validation
user-supplied data
system context
EPSS
0.549
Percentile
97.7%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Serialization library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.
Related
nvd
nvd
CVE-2021-31474
2021-05-21 15:15:07
attackerkb
attackerkb
CVE-2021-31474
2021-05-21 00:00:00
seebug
seebug
SolarWinds Orion 远程代码执行漏洞(CVE-2021-31474)
2021-05-26 00:00:00
cvelist
cvelist
CVE-2021-31474
2021-05-21 14:40:15
cve
cve
CVE-2021-31474
2021-05-21 15:15:07
prion
prion
Deserialization of untrusted data
2021-05-21 15:15:00
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Solarwinds Orion Platform
2021-10-23 01:35:42