CVE-2020-14005

Опубликовано: 24 июн. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Средний

Описание

Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event.

Ссылки

https://gist.github.com/alert3/c9dcce5474e55f408c93c086c30cdbb7
Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-063/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-065/
Third Party Advisory
VDB Entry
https://gist.github.com/alert3/c9dcce5474e55f408c93c086c30cdbb7
Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-063/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-065/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:solarwinds:orion_network_performance_monitor:2019.4:hotfix2:*:*:*:*:*:*

cpe:2.3:a:solarwinds:orion_web_performance_monitor:2019.4.1:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.11406

Средний

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-mjrr-v86g-xj3w