Vulnerability Description
The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon processing of such messages, the service deserializes them in insecure manner, allowing remote arbitrary code execution as LocalSystem.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Solarwinds | Orion Platform | < 2020.2.4 |
Related Weaknesses (CWE)
References
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/full-system-contExploitPatchThird Party Advisory
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/full-system-contExploitPatchThird Party Advisory
FAQ
What is CVE-2021-25274?
CVE-2021-25274 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients ca...
How severe is CVE-2021-25274?
CVE-2021-25274 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-25274?
Check the references section above for vendor advisories and patch information. Affected products include: Solarwinds Orion Platform.