PT-2020-19899 · Solarwinds · Solarwinds N-Central

Published

2020-01-26

Updated

2020-02-05

CVE-2020-7984

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions SolarWinds N-central versions 12.1 before SP1 HF5 SolarWinds N-central versions 12.2 before SP1 HF2

Description The issue allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings and obtain other sensitive information. An attacker can use a customer ID to self-register and read any aspects of the agent/appliance configuration.

Recommendations For SolarWinds N-central version 12.1, update to at least SP1 HF5 to resolve the issue. For SolarWinds N-central version 12.2, update to at least SP1 HF2 to resolve the issue.

Exploit

Fix

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

CVE-2020-7984

Affected Products

Solarwinds N-Central

PT-2020-19899 · Solarwinds · Solarwinds N-Central

CVE-2020-7984

Weakness Enumeration

Related Identifiers

Affected Products

References · 11