PT-2020-16130 · Solarwinds · Solarwinds N-Central

Fabian Ullrich · Published 2020-12-16 · Updated 2020-12-21 · CVE-2020-25618

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

SolarWinds N-Central version 12.3.0.670

Description

An issue was discovered in the sudo configuration of SolarWinds N-Central, which has incorrect access control. The nable web user account is effectively able to run arbitrary OS commands as root because the use of root privileges is not limited to specific programs listed in the sudoers file.

Recommendations

For SolarWinds N-Central version 12.3.0.670, consider restricting the privileges of the nable web user account to prevent it from running arbitrary OS commands as root until a patch is available. As a temporary workaround, review and modify the sudoers file to limit the use of root privileges to specific programs.
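
One way to carry out the sudoers review recommended above, as an added example that is not SolarWinds' or the advisory author's code: it lists every rule that lets a given account run as root without naming one specific program. The sample sudoers text is constructed and does not reproduce N-Central's actual file; `audit_sudoers` and `runs_as_root` are hypothetical helper names.

```python
import re

# Constructed sample for illustration; NOT the real N-Central sudoers file.
SAMPLE = """\
# constructed sample
Defaults env_reset
root   ALL=(ALL) ALL
nable  ALL=(root) NOPASSWD: ALL
nable  ALL=(root) NOPASSWD: /usr/bin/systemctl restart exampled, /opt/example/bin/
nable  ALL=(root) NOPASSWD: /opt/example/scripts/*.sh
nable  ALL=(backup) /usr/bin/rsync
"""

# user host = (runas) [TAG:] command[, command ...]
SPEC = re.compile(r"^(?P<user>\S+)\s+[^=\s]+\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?(?P<cmds>.+)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")  # NOPASSWD:, SETENV:, ...

def runs_as_root(runas):
    """No runas list means root; otherwise look for root or ALL among the users."""
    if runas is None:
        return True
    users = [u.strip() for u in runas.split(":")[0].split(",")]
    return "root" in users or "ALL" in users

def audit_sudoers(text, user):
    """Return (line_no, command, reason) for root rules not tied to one program."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = SPEC.match(line)
        if not m or m["user"] != user or not runs_as_root(m["runas"]):
            continue
        for cmd in (TAGS.sub("", c.strip()) for c in m["cmds"].split(",")):
            if cmd == "ALL":
                findings.append((line_no, cmd, "any command allowed"))
            elif cmd.split(" ")[0].endswith("/"):
                findings.append((line_no, cmd, "any program in this directory"))
            elif any(ch in cmd for ch in "*?["):
                findings.append((line_no, cmd, "wildcard in path or arguments"))
    return findings

if __name__ == "__main__":
    for line_no, cmd, reason in audit_sudoers(SAMPLE, "nable"):
        print(f"line {line_no}: {cmd!r}: {reason}")
```

The parser does not expand `User_Alias`/`Cmnd_Alias` definitions or included files, so compare its output with `sudo -l -U nable` on the host for the resolved rule set.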

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2020-25618

Affected Products

Solarwinds N-Central