Hashed Credential Exposure Vulnerability
CVE-2021-35226

6.5MEDIUM

Key Information:

Vendor: Solarwinds
Status: Network Configuration Manager
Vendor: CVE Published:; 10 October 2022

Summary

An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.

Affected Version(s)

Network Configuration Manager 2020.2.5 and previous version < 2020.2.5

References

https://www.solarwinds.com/trust-center/security-advisori...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 10, 2022
Vulnerability Reserved
Jun 22, 2021

Credit

SolarWinds would like to thank Preston Deason, Chad Larsen and Zachary Riezenman for reporting on the issue in a responsible manner.