PT-2020-16129 · Solarwinds · Solarwinds N-Central

Fabian Ullrich

Published

2020-12-16

Updated

2020-12-18

CVE-2020-25617

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions SolarWinds N-Central version 12.3.0.670

Description An issue was discovered in SolarWinds N-Central, where the AdvancedScripts HTTP endpoint allows Relative Path Traversal by an authenticated user of the N-Central Administration Console (NAC), leading to execution of OS commands as root.

Recommendations For SolarWinds N-Central version 12.3.0.670, as a temporary workaround, consider restricting access to the AdvancedScripts HTTP endpoint until a patch is available. Additionally, limiting the privileges of authenticated users in the N-Central Administration Console (NAC) may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2020-25617

Affected Products

Solarwinds N-Central

PT-2020-16129 · Solarwinds · Solarwinds N-Central

CVE-2020-25617

Weakness Enumeration

Related Identifiers

Affected Products

References · 8