CVE-2020-10148 — CRITICAL (9.8)

Vulnerability Description

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Solarwinds	Orion Platform	2019.4

Related Weaknesses (CWE)

CWE-306 CWE-288

References

https://kb.cert.org/vuls/id/843464Third Party AdvisoryUS Government Resource
https://www.solarwinds.com/securityadvisoryVendor Advisory
https://kb.cert.org/vuls/id/843464Third Party AdvisoryUS Government Resource
https://www.kb.cert.org/vuls/id/843464Third Party AdvisoryUS Government Resource
https://www.solarwinds.com/securityadvisoryVendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-US Government Resource

FAQ

What is CVE-2020-10148?

CVE-2020-10148 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication...

How severe is CVE-2020-10148?

CVE-2020-10148 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-10148?

Check the references section above for vendor advisories and patch information. Affected products include: Solarwinds Orion Platform.