Configuration File Sensitivity Exposure in SolarWinds Products
CVE-2024-45718

4.6MEDIUM

Key Information:

Vendor: Solarwinds
Status: Kiwi Syslog Ng
Vendor: CVE Published:; 11 February 2025

Summary

A vulnerability exists that may allow non-privileged users to access sensitive information stored in a configuration file. This scenario requires local access to the system with a low-privileged account, which can grant unauthorized individuals visibility into sensitive data. It is crucial for organizations using affected SolarWinds products to review their access controls and mitigate potential risks associated with this exposure.

Affected Version(s)

Kiwi Syslog NG Kiwi 1.3 and previous versions

References

https://www.solarwinds.com/trust-center/security-advisori...

https://documentation.solarwinds.com/en/success_center/ks...

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Sep 5, 2024