SSH Communication Channel Exposure in SolarWinds N-Central
CVE-2020-25619

4.4MEDIUM

Key Information:

Vendor
Solarwinds
Status
N-central
Vendor
CVE Published:
16 December 2020

Summary

A vulnerability was identified in SolarWinds N-Central 12.3.0.670, where the SSH component fails to impose restrictions on the Communication Channel to Intended Endpoints. This allows attackers to exploit SSH's port forwarding feature, utilizing a temporary key pair to gain access to network services that are meant to be restricted to local communication. Consequently, this could lead to unauthorized access to localhost resources, posing significant security concerns for affected systems.

References

https://support.solarwinds.com/SuccessCenter/s/
x_refsource_MISC
https://ernw.de/en/publications.html
x_refsource_MISC
https://insinuator.net/2020/12/security-advisories-for-so...
x_refsource_MISC

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.