SolarWinds Network Configuration Manager Sensitive Information Disclosure Vulnerability

CVE-2023-33228

4.5MEDIUM

Key Information

Vendor: Solarwinds
Status: Network Configuration Manager
Vendor: CVE Published:; 1 November 2023

Summary

The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to obtain sensitive information.

Affected Version(s)

Network Configuration Manager = 2023.3.1 and previous versions

References

https://www.solarwinds.com/trust-center/security-advisori...

https://documentation.solarwinds.com/en/success_center/nc...

CVSS V3.1

Score:

4.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 1, 2023
Vulnerability Reserved
May 18, 2023

Collectors

NVD DatabaseMitre Database

Credit

SolarWinds would like to thank Arnaud Cordier (CryptID) for reporting on the issue in a responsible manner.