PT-2020-13773 · Solarwinds · Solarwinds Advanced Monitoring Agent

Published

2020-06-07

Updated

2021-07-21

CVE-2020-13912

CVSS v3.1

7.3

High

Vector

AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SolarWinds Advanced Monitoring Agent versions prior to 10.8.9

Description The issue allows local users to gain privileges via a Trojan horse .exe file. This is possible because everyone can write to a certain .exe file, which is a security flaw.

Recommendations For versions prior to 10.8.9, update to version 10.8.9 or later to resolve the issue. As a temporary workaround, consider restricting write access to the vulnerable .exe file until a patch is applied.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2020-13912

Affected Products

Solarwinds Advanced Monitoring Agent

PT-2020-13773 · Solarwinds · Solarwinds Advanced Monitoring Agent

CVE-2020-13912

Weakness Enumeration

Related Identifiers

Affected Products

References · 4