Submit a ticketCall us

AnnouncementsChange Is Inevitable

Get valuable help when it comes to tracking and monitoring changes. SolarWinds® Server Configuration Monitor (SCM) is designed to help you: detect, track, and receive alerts when changes occur, correlate system performance against configuration changes, compare server and application configuration against custom baselines, and verify application and system changes.

Learn more.

Home > Success Center > Network Performance Monitor (NPM) > NPM - Knowledgebase Articles > SolarWinds Core vulnerability found by Nessus scan, ID: 83817

SolarWinds Core vulnerability found by Nessus scan, ID: 83817

Created by Daniel Polaske, last modified by MindTouch on Jun 23, 2016

Views: 1,981 Votes: 0 Revisions: 3

Overview

Vulnerablity issues with ID 83817 found when running a Nessus scan.

The remote host is running a version of SolarWinds Orion Core that is affected by multiple blind SQL injection vulnerabilities in the 'AccountManagement.asmx' script. A remote attacker, after being authenticated using the built-in default 'Guest' account, can exploit these vulnerabilities to execute arbitrary SQL commands. Note that the 'Guest' account needs to be enabled for exploitation of these vulnerabilities to occur.

For more information, see:

Authenticated Stacked SQL injection in core SolarWinds Orion service (CVE-2014-9566)

NPM v11.5.3 Release Notes

Environment

All versions prior to:

  • Network Performance Monitor 11.5
  • Server & Application Monitor 6.2
  • Web Performance Monitor 2.2
  • Storage Resource Monitor 6.0
  • User Device Tracker 3.2.1
  • Network Configuration Manager 7.4

Cause 

Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, and possibly other Solarwinds products, allow remote authenticated users to execute arbitrary SQL commands via the (1) dir or (2) sort parameter to the (a) GetAccounts or (b) GetAccountGroups endpoint.

For more information, see:

Authenticated Stacked SQL injection in core SolarWinds Orion service (CVE-2014-9566)

Vulnerability Summary for CVE-2014-9566

Multiple SolarWinds Orion products CVE-2014-956 Multiple SQL Injection Vulnerabilities

Resolution

This vulnerability has been fixed in Orion Platform 2015.1, thus following product versions (and later) are secured:

  • Network Performance Monitor 11.5
  • Server & Application Monitor 6.2
  • Web Performance Monitor 2.2
  • Storage Resource Monitor 6.0
  • User Device Tracker 3.2.1
  • Network Configuration Manager 7.4
     

A hotfix for Orion Platform 2014.2.1 can be used as patch for the following products:

  • Network Performance Monitor 11.0.1
  • IP Address Manager 4.3
  • User Device Tracker 3.2
  • Network Configuration Manager 7.3.1
  • Engineer's Toolset 11.0.1
  • Patch Manager 2.1

 

NTA does not Orion Platform and is not vulnerable.

Since Orion Platform is a shared component of multiple products, please take note of the following:

  • Any product with Orion Platform 2015.1 mentioned above is installed on the same machine, Core is upgraded and vulnerability is fixed!
  • Any product with Orion Platform 2014.2.1 mentioned above is installed on the same machine, Core is upgraded and hotfix can be applied.
  • Orion Platform version can be found in the footer of Orion Web Console page (e.g. "Orion Platform 2015.1.0") or in "Add or Remove programs" section (e.g. "SolarWinds Orion Core Services 2015.1.0").

 

For example: Customer has installed NPM 11.5 with WPM 2.1. While WPM 2.1 itself might be vulnerable, the combination with NPM 11.5 is secure.

 

Last modified

Tags

Classifications

Public