alert3/main.txt

Created June 24, 2020 05:48

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/alert3/c9dcce5474e55f408c93c086c30cdbb7.js"></script>
Save alert3/c9dcce5474e55f408c93c086c30cdbb7 to your computer and use it in GitHub Desktop.

Download ZIP

Solarwinds Orion - Web Console WPM: 2019.4.1 Orion Platform HF4, NPM HF2: 2019.4

Raw

This is a description of arbitrary code execution vulnerability found in Solarwinds Orion - Web Console WPM: 2019.4.1 Orion Platform HF4, NPM HF2: 2019.4

zmanion commented Dec 15, 2020 •

edited

Loading

To clarify, an authenticated user with access to some SolarWinds web interface can get VB to run, this VB could be a reverse shell that gives OS access? And with SYSTEM privileges? It may be obvious I'm not a SolarWinds user.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment