Cross-Site Request Forgery in SolarWinds Orion Network Performance Monitor
CVE-2012-2602
Currently unrated
Key Information:
- Vendor: SolarWinds
- CVE Published: 12 August 2012
Summary
SolarWinds Orion Network Performance Monitor is susceptible to multiple cross-site request forgery (CSRF) vulnerabilities that could allow remote attackers to hijack the authentication of administrators. Specifically, attackers could exploit these flaws to create unauthorized user accounts via the CreateUserStepContainer action at Admin/Accounts/Add/OrionAccount.aspx, and to modify account privileges via the ynAdminRights action at Admin/Accounts/EditAccount.aspx. To mitigate these risks, it is essential to implement security best practices such as validating requests.
References
EPSS Score
7% chance of being exploited in the next 30 days.
Timeline
Vulnerability Reserved
Vulnerability published