Submit a ticketCall us

Announcing NCM 7.7
With NCM 7.7, you can examine the rules that make up an access control list for a Cisco ASA device. Then you can apply filters to display only rules that meet the specified criteria, order the rules by line number or by the hit count, and much more.
See new features and improvements.

Home > Success Center > Network Performance Monitor (NPM) > SolarWinds Core vulnerability found by Nessus scan, ID: 83817

SolarWinds Core vulnerability found by Nessus scan, ID: 83817

Created by Daniel Polaske, last modified by MindTouch on Jun 23, 2016

Views: 164 Votes: 0 Revisions: 3

Overview

Vulnerablity issues with ID 83817 found when running a Nessus scan.

The remote host is running a version of SolarWinds Orion Core that is affected by multiple blind SQL injection vulnerabilities in the 'AccountManagement.asmx' script. A remote attacker, after being authenticated using the built-in default 'Guest' account, can exploit these vulnerabilities to execute arbitrary SQL commands. Note that the 'Guest' account needs to be enabled for exploitation of these vulnerabilities to occur.

For more information, see:

Authenticated Stacked SQL injection in core SolarWinds Orion service (CVE-2014-9566)

NPM v11.5.3 Release Notes

Environment

All versions prior to:

  • Network Performance Monitor 11.5
  • Server & Application Monitor 6.2
  • Web Performance Monitor 2.2
  • Storage Resource Monitor 6.0
  • User Device Tracker 3.2.1
  • Network Configuration Manager 7.4

Cause 

Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, and possibly other Solarwinds products, allow remote authenticated users to execute arbitrary SQL commands via the (1) dir or (2) sort parameter to the (a) GetAccounts or (b) GetAccountGroups endpoint.

For more information, see:

Authenticated Stacked SQL injection in core SolarWinds Orion service (CVE-2014-9566)

Vulnerability Summary for CVE-2014-9566

Multiple SolarWinds Orion products CVE-2014-956 Multiple SQL Injection Vulnerabilities

Resolution

This vulnerability has been fixed in Orion Platform 2015.1, thus following product versions (and later) are secured:

  • Network Performance Monitor 11.5
  • Server & Application Monitor 6.2
  • Web Performance Monitor 2.2
  • Storage Resource Monitor 6.0
  • User Device Tracker 3.2.1
  • Network Configuration Manager 7.4
     

A hotfix for Orion Platform 2014.2.1 can be used as patch for the following products:

  • Network Performance Monitor 11.0.1
  • IP Address Manager 4.3
  • User Device Tracker 3.2
  • Network Configuration Manager 7.3.1
  • Engineer's Toolset 11.0.1
  • Patch Manager 2.1

 

NTA does not Orion Platform and is not vulnerable.

Since Orion Platform is a shared component of multiple products, please take note of the following:

  • Any product with Orion Platform 2015.1 mentioned above is installed on the same machine, Core is upgraded and vulnerability is fixed!
  • Any product with Orion Platform 2014.2.1 mentioned above is installed on the same machine, Core is upgraded and hotfix can be applied.
  • Orion Platform version can be found in the footer of Orion Web Console page (e.g. "Orion Platform 2015.1.0") or in "Add or Remove programs" section (e.g. "SolarWinds Orion Core Services 2015.1.0").

 

For example: Customer has installed NPM 11.5 with WPM 2.1. While WPM 2.1 itself might be vulnerable, the combination with NPM 11.5 is secure.

 

Last modified
23:35, 22 Jun 2016

Tags

Classifications

Public