Multiple vulnerabilities in SolarWinds Orion Platform
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2023-23836 CVE-2022-47507 CVE-2022-47506 CVE-2022-47504 CVE-2022-47503 CVE-2022-38111 |
| CWE-ID | CWE-502 CWE-22 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Orion Platform Server applications / Remote management servers, RDP, SSH |
| Vendor | SolarWinds |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Deserialization of Untrusted Data
EUVDB-ID: #VU72305
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-23836
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data within the CredentialInitializer() function. A remote user with Orion admin-level account access to the SolarWinds Web Console can pass specially crafted data to the application and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsOrion Platform: 2016.1 - 2022.4.1
CPE2.3- cpe:2.3:a:solarwinds:orion_platform:2016.1:*:*:*:*:*:*:*
- cpe:2.3:a:solarwinds:orion_platform:2016.2:*:*:*:*:*:*:*
- cpe:2.3:a:solarwinds:orion_platform:2017.1:*:*:*:*:*:*:*
https://www.solarwinds.com/trust-center/security-advisories/cve-2023-23836
https://www.zerodayinitiative.com/advisories/ZDI-23-170/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Deserialization of Untrusted Data
EUVDB-ID: #VU72304
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47507
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data within the WorkerProcessWCFProxy() function. A remote user with Orion admin-level account access to SolarWinds Web Console can pass specially crafted data to the application and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsOrion Platform: 2016.1 - 2022.4.1
CPE2.3- cpe:2.3:a:solarwinds:orion_platform:2016.1:*:*:*:*:*:*:*
- cpe:2.3:a:solarwinds:orion_platform:2016.2:*:*:*:*:*:*:*
- cpe:2.3:a:solarwinds:orion_platform:2017.1:*:*:*:*:*:*:*
https://www.solarwinds.com/trust-center/security-advisories/cve-2022-47507
https://www.zerodayinitiative.com/advisories/ZDI-23-169/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Path traversal
EUVDB-ID: #VU72303
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-47506
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within the sshd_SftpRename function. A remote user can send a specially crafted HTTP request and update the default configuration, enabling the execution of arbitrary commands.
Successful exploitation of the vulnerability may allow remote code execution.
Install update from vendor's website.
Vulnerable software versionsOrion Platform: 2016.1 - 2022.4.1
CPE2.3- cpe:2.3:a:solarwinds:orion_platform:2016.1:*:*:*:*:*:*:*
- cpe:2.3:a:solarwinds:orion_platform:2016.2:*:*:*:*:*:*:*
- cpe:2.3:a:solarwinds:orion_platform:2017.1:*:*:*:*:*:*:*
https://www.solarwinds.com/trust-center/security-advisories/cve-2022-47506
https://www.zerodayinitiative.com/advisories/ZDI-23-168/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Deserialization of Untrusted Data
EUVDB-ID: #VU72302
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47504
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data. A remote user with Orion admin-level account access to SolarWinds Web Console can pass specially crafted data to the application and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsOrion Platform: 2016.1 - 2022.4.1
CPE2.3- cpe:2.3:a:solarwinds:orion_platform:2016.1:*:*:*:*:*:*:*
- cpe:2.3:a:solarwinds:orion_platform:2016.2:*:*:*:*:*:*:*
- cpe:2.3:a:solarwinds:orion_platform:2017.1:*:*:*:*:*:*:*
https://www.solarwinds.com/trust-center/security-advisories/cve-2022-47504
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Deserialization of Untrusted Data
EUVDB-ID: #VU72301
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-47503
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data within the WorkerControllerWCFProxy() function. A remote user with Orion admin-level account access to SolarWinds Web Console can pass specially crafted data to the application and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsOrion Platform: 2016.1 - 2022.4.1
CPE2.3- cpe:2.3:a:solarwinds:orion_platform:2016.1:*:*:*:*:*:*:*
- cpe:2.3:a:solarwinds:orion_platform:2016.2:*:*:*:*:*:*:*
- cpe:2.3:a:solarwinds:orion_platform:2017.1:*:*:*:*:*:*:*
https://www.solarwinds.com/trust-center/security-advisories/cve-2022-47503
https://www.zerodayinitiative.com/advisories/ZDI-23-166/
https://www.zerodayinitiative.com/advisories/ZDI-23-213/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Deserialization of Untrusted Data
EUVDB-ID: #VU72300
Risk: Low
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2022-38111
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data within the BytesToMessage() function. A remote user with Orion admin-level account access to SolarWinds Web Console can pass specially crafted data to the application and execute arbitrary code on the target system.
Install updates from vendor's website.
Vulnerable software versionsOrion Platform: 2016.1 - 2022.4.1
CPE2.3- cpe:2.3:a:solarwinds:orion_platform:2016.1:*:*:*:*:*:*:*
- cpe:2.3:a:solarwinds:orion_platform:2016.2:*:*:*:*:*:*:*
- cpe:2.3:a:solarwinds:orion_platform:2017.1:*:*:*:*:*:*:*
https://www.solarwinds.com/trust-center/security-advisories/cve-2022-38111
https://www.zerodayinitiative.com/advisories/ZDI-23-167/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
