SolarWinds Network Configuration Manager Sensitive Information Disclosure Vulnerability

CVE-2023-33228
4.5MEDIUM

Key Information

Vendor
Solarwinds
Status
Network Configuration Manager
Vendor
CVE Published:
1 November 2023

Summary

The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to obtain sensitive information.

Affected Version(s)

Network Configuration Manager = 2023.3.1 and previous versions

CVSS V3.1

Score:
4.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Risk change from: 4.9 to: 4.5 - (MEDIUM)

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD DatabaseMitre Database

Credit

SolarWinds would like to thank Arnaud Cordier (CryptID) for reporting on the issue in a responsible manner.
.