The SolarWinds Orion Platform is a suite of infrastructure and system monitoring and management products. The SolarWinds Orion API is embedded in the Orion Core and is used to interface with all SolarWinds Orion Platform products. API authentication can be bypassed by including specific parameters in the Request.PathInfo portion of a URI request, which could allow an attacker to execute unauthenticated API commands. In particular, if an attacker appends a Skipi18n parameter to a request to a SolarWinds Orion server, SolarWinds may set the SkipAuthorization flag, which may allow the API request to be processed without requiring authentication.
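A defender-side check for the marker described above, as an added example (not code from SolarWinds or from the original post): it scans IIS W3C logs for requests whose URI contains Skipi18n and separates those served to an anonymous client from other attempts. The log rows, paths and addresses are constructed, and the field names assume the standard IIS W3C extended log format.

```python
from urllib.parse import unquote

MARKER = "skipi18n"  # PathInfo value named in the advisory text

# Constructed IIS W3C sample; addresses and paths are invented for the example.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs-username
2020-12-28 10:01:02 192.0.2.10 GET /Orion/Login.aspx - 200 -
2020-12-28 10:01:07 198.51.100.7 GET /Orion/Example.aspx/Skipi18n - 200 -
2020-12-28 10:01:09 198.51.100.7 GET /Orion/Example.aspx/skipI18N - 401 -
2020-12-28 10:02:30 192.0.2.10 GET /Orion/SummaryView.aspx ViewID=1 200 admin
"""


def find_marker_requests(log_text):
    """Return one dict per request whose URI carries the marker."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is declared per log file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # skip truncated or malformed rows
        row = dict(zip(fields, values))
        # Normalise percent-encoding and case before matching.
        uri = unquote(row.get("cs-uri-stem", "") + "?" + row.get("cs-uri-query", ""))
        if MARKER not in uri.lower():
            continue
        anonymous = row.get("cs-username", "-") == "-"
        served = row.get("sc-status", "").startswith("2")
        hits.append({
            "time": f"{row.get('date', '')} {row.get('time', '')}".strip(),
            "client": row.get("c-ip", ""),
            "uri": row.get("cs-uri-stem", ""),
            "status": row.get("sc-status", ""),
            # Served to an anonymous client is the case the advisory warns about.
            "verdict": "served-unauthenticated" if anonymous and served else "attempt",
        })
    return hits


if __name__ == "__main__":
    for hit in find_marker_requests(SAMPLE_LOG):
        print(hit)
```

A hit with the verdict served-unauthenticated on a server that was not yet at one of the fixed releases warrants a review of what that client requested next.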
- SolarWinds Orion 2020.2.1 HF 2 and 2019.4 HF 6
- 2019.4 HF 6 (released December 14, 2020)
- 2020.2.1 HF 2 (released December 15, 2020)
- 2019.2 SUPERNOVA Patch (released December 23, 2020)
- 2018.4 SUPERNOVA Patch (released December 23, 2020)
- 2018.2 SUPERNOVA Patch (released December 23, 2020)
The post CVE-2020-10148: SolarWinds Remote Code Execution Vulnerability Alert appeared first on InfoTech News.