Lucene search
MitreCVELIST:CVE-2021-25274HistoryFeb 03, 2021 - 4:49 p.m.
CVE-2021-25274
2021-02-0316:49:26
mitre
www.cve.org
2
The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesnβt set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon processing of such messages, the service deserializes them in insecure manner, allowing remote arbitrary code execution as LocalSystem.
Related
cve
cve
CVE-2021-25274
2021-02-03 17:15:16
nessus
nessus
SolarWinds Orion Platform < 2019.4.2 Remote Code Execution
2021-02-09 00:00:00
SolarWinds Orion Platform < 2020.2.4 Multiple Vulnerabilities
2021-02-09 00:00:00
prion
prion
Design/Logic Flaw
2021-02-03 17:15:00
nvd
nvd
CVE-2021-25274
2021-02-03 17:15:16
rapid7blog
rapid7blog
threatpost
threatpost
SolarWinds Orion Bug Allows Easy Remote-Code Execution and Takeover
2021-02-03 11:00:21
thn
thn
3 New Severe Security Vulnerabilities Found In SolarWinds Software
2021-02-03 11:31:00
Another Critical RCE Flaw Discovered in SolarWinds Orion Platform
2021-03-26 05:07:00
attackerkb
attackerkb
SolarWinds Orion Platform Unauthenticated RCE (CVE-2021-25274)
2021-02-03 00:00:00
securelist
securelist
Kaspersky Security Bulletin 2020-2021. EU statistics
2021-05-26 10:00:32
IT threat evolution Q1 2021. Non-mobile statistics
2021-05-31 10:00:05