CVE-2020-15909

Name of the Vulnerable Software and Affected Versions SolarWinds N-central versions through 2020.1

Description The issue allows session hijacking and requires user interaction or physical access. The N-Central JSESSIONID cookie attribute is not checked against multiple sources, such as sourceip or MFA claim, as long as the victim stays logged in within N-Central. This allows a stolen cookie to be used on the attacker's workstation by browsing to the victim's N-Central server URL and replacing the JSESSIONID attribute value with the captured value. Expected behavior would be to check this against a second source and enforce at least reauthentication or a multi-factor request, given that N-Central is a highly privileged service.

Recommendations For SolarWinds N-central versions through 2020.1, consider implementing additional security measures such as reauthentication or multi-factor requests to mitigate the risk of session hijacking. As a temporary workaround, restrict access to sensitive areas of N-Central to minimize the risk of exploitation.