Remote code execution vulnerability in SolarWinds Orion Network Performance Monitor - CVE-2019-8917ID: oval:org.secpod.oval:def:68077 | Date: (C)2021-01-04 (M)2021-07-08 |
Class: VULNERABILITY | Family: windows |
The host is installed with SolarWinds Orion Network Performance Monitor before 12.4 and is prone to a remote code execution vulnerability. A flaw is present in the application, which fails to properly handle an issue in the OrionModuleEngine service. Successful exploitation remote, unauthenticated attackers to connect and call publicly exposed methods and execute commands as the SYSTEM user via the InvokeActionMethod method.
Platform: |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Product: |
SolarWinds Orion Network Performance Monitor |