CVE-2023-40062

2023-11-0116:15:08

CWE-20

[email protected]

web.nvd.nist.gov

solarwinds

cve

2023

40062

rce

vulnerability

nvd

security

exploit

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.2%

JSON

SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges.

Affected configurations

NVD

Node

solarwindssolarwinds_platformRange<2023.4

CPENameOperatorVersion
solarwinds:solarwinds_platformsolarwinds solarwinds platformlt2023.4

CPE	Name	Operator	Version
solarwinds:solarwinds_platform	solarwinds solarwinds platform	lt	2023.4

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SolarWinds Platform ",
    "vendor": "SolarWinds ",
    "versions": [
      {
        "status": "affected",
        "version": "2023.3.1 and previous versions "
      }
    ]
  }
]