Remote Code Execution in SolarWinds N-central Affects Multiple Versions
CVE-2020-7984

7.5HIGH

Key Information:

Vendor
Solarwinds
Status
N-central
Vendor
CVE Published:
26 January 2020

Summary

The vulnerability in SolarWinds N-central prior to specified versions allows unauthorized remote attackers to access sensitive cleartext domain admin credentials. By exploiting this flaw, an attacker can utilize a customer ID to self-register, thereby gaining the ability to read confidential details of the agent and appliance configuration, potentially leading to significant security breaches.

References

https://blog.huntresslabs.com/validating-the-solarwinds-n...
x_refsource_MISC
https://www.crn.com/news/managed-services/solarwinds-rmm-...
x_refsource_MISC
https://success.solarwindsmsp.com/kb/solarwinds_n-central...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.