Skip to content

Instantly share code, notes, and snippets.

@alert3 alert3/main.txt
Created Jun 24, 2020

Embed
What would you like to do?
Solarwinds Orion - Web Console WPM: 2019.4.1 Orion Platform HF4, NPM HF2: 2019.4
This is a description of arbitrary code execution vulnerability found in Solarwinds Orion - Web Console WPM: 2019.4.1 Orion Platform HF4, NPM HF2: 2019.4
@alert3

This comment has been minimized.

Copy link
Owner Author

alert3 commented Jun 24, 2020

Product

Solarwinds Orion - Web Console WPM: 2019.4.1 Orion Platform HF4, NPM HF2: 2019.4

Author

Amin Rawah

CVE ID

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14005

Description

A user can define an VB script on network event occurs to perform a specific action (more info https://documentation.solarwinds.com/en/Success_Center/orionplatform/Content/Core-Executing-a-Visual-Basic-Script-sw1055.htm). Since there is no restriction on running VB, a malicious user with privilege to run VB on defined event can gain access to OS by executing a reverse shell. The following script was tested to run on specific event and the attacker gains access to OS as result https://github.com/bitsadmin/revbshell with admin privilege

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.