Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SOLARWINDS_ORION_CVE-2020-14005.NASL
HistoryDec 18, 2020 - 12:00 a.m.

SolarWinds Orion Platform < 2020.2.1 HF2 Multiple Vulnerabilities

2020-12-1800:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
138

8.5 High

AI Score

Confidence

High

JSON

According to its self-reported version number, the version of SolarWinds Orion Platform is prior to 2020.2.1 hot fix 2.
It is, therefore, affected by multiple vulnerabilities:

  • A remote code execution vulnerability exists in the ExecuteVBScript method due to improper validation of a user-supplied string before using it to execute a system call. An authenticated, remote attacker can exploit this issue to execute arbitrary commands with SYSTEM privileges. (CVE-2020-14005)

  • An SQL injection (SQLi) privilege escalation vulnerability exists in the WriteToFile method due to improper validation of a user-supplied string used to construct SQL queries. An authenticated, remote attacker can exploit this issue via SQLi to escalate privileges and reset the password for the Admin user.
    (CVE-2020-27869)

  • An information disclosure vulnerability exists in ExportToPDF.aspx due to lack of proper validation of a user-supplied path prior to it’s use in file operations. An authenticated, remote attacker can exploit this issue, to disclose potentially sensitive information in the context of SYSTEM. (CVE-2020-27870)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable Network Security, Inc.
##

include('compat.inc');

if (description)
{
  script_id(144449);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/01");

  script_cve_id(
    "CVE-2019-11358",
    "CVE-2020-14005",
    "CVE-2020-27869",
    "CVE-2020-27870",
    "CVE-2020-27871"
  );
  script_xref(name:"CEA-ID", value:"CEA-2021-0004");
  script_xref(name:"CEA-ID", value:"CEA-2021-0025");

  script_name(english:"SolarWinds Orion Platform < 2020.2.1 HF2 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"An application running on the remote host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version number, the version of SolarWinds Orion Platform is prior to 2020.2.1 hot fix 2.
It is, therefore, affected by multiple vulnerabilities:

  - A remote code execution vulnerability exists in the ExecuteVBScript method due to improper validation of
    a user-supplied string before using it to execute a system call. An authenticated, remote attacker can
    exploit this issue to execute arbitrary commands with SYSTEM privileges. (CVE-2020-14005)

  - An SQL injection (SQLi) privilege escalation vulnerability exists in the WriteToFile method due to
    improper validation of a user-supplied string used to construct SQL queries. An authenticated, remote
    attacker can exploit this issue via SQLi to escalate privileges and reset the password for the Admin user.
    (CVE-2020-27869)
  
  - An information disclosure vulnerability exists in ExportToPDF.aspx due to lack of proper validation of a 
    user-supplied path prior to it's use in file operations. An authenticated, remote attacker can exploit
    this issue, to disclose potentially sensitive information in the context of SYSTEM. (CVE-2020-27870)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://documentation.solarwinds.com/en/Success_Center/orionplatform/Content/Release_Notes/Orion_Platform_2020-2-1_release_notes.htm
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ca60321d");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-21-064/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-21-065/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-21-066/");
  script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-21-067/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to SolarWinds Orion Platform 2020.2.1 hot fix 2 or later.");
  script_set_attribute(attribute:"agent", value:"windows");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-27871");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-27869");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/06/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/12/18");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:solarwinds:orion_network_performance_monitor");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:solarwinds:orion_platform");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("solarwinds_orion_npm_detect.nasl", "solarwinds_orion_installed.nbin");
  script_require_keys("installed_sw/SolarWinds Orion Core");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

vcf::solarwinds_orion::initialize();
app_info = vcf::solarwinds_orion::combined_get_app_info();

constraints = [
  {'fixed_version' : '2020.2.1 HF2' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, flags:{sqli:TRUE});
VendorProductVersionCPE
solarwindsorion_network_performance_monitorcpe:/a:solarwinds:orion_network_performance_monitor
solarwindsorion_platformcpe:/a:solarwinds:orion_platform

Related

checkpoint_advisories 2
prion 5
zdi 5
cve 6
osv 10
atlassian 9
veracode 1
nessus 43
openvas 27
alpinelinux 1
debian 6
githubexploit 5
ibm 33
joomla 1
hackerone 1
drupal 1
ubuntucve 1
debiancve 1
fedora 9
redhat 9
amazon 1
redhatcve 1
symantec 1
f5 1
typo3 1
github 1
freebsd 2
oraclelinux 3
attackerkb 1
cnvd 1
archlinux 1
rocky 2
altlinux 2
suse 2
mageia 1
almalinux 1
centos 1
checkpoint_advisories
checkpoint_advisories
SolarWinds Orion Arbitrary File Write (CVE-2020-27871)
2022-11-06 00:00:00
jQuery Prototype Pollution Object Cross-Site Scripting (CVE-2019-11358)
2019-04-29 00:00:00
prion
prion
Design/Logic Flaw
2021-02-10 23:15:00
Design/Logic Flaw
2021-02-10 23:15:00
Design/Logic Flaw
2021-02-12 00:15:00
zdi
zdi
SolarWinds Orion Platform ExportToPDF Directory Traversal Information Disclosure Vulnerability
2021-09-20 00:00:00
SolarWinds Network Performance Monitor WriteToFile SQL Injection Privilege Escalation Vulnerability
2021-09-20 00:00:00
SolarWinds Network Performance Monitor ExecuteVBScript Command Injection Remote Code Execution Vulnerability
2021-09-20 00:00:00
cve
cve
CVE-2020-14005
2020-06-24 14:15:00
CVE-2020-27870
2021-02-10 23:15:00
CVE-2020-27871
2021-02-10 23:15:00
osv
osv
jquery - security update
2019-05-06 00:00:00
otrs2 - security update
2020-02-24 00:00:00
CVE-2019-11358
2019-04-20 00:29:00
atlassian
atlassian
jQuery 2.2.4 is vulnerable to prototype pollution
2019-05-13 01:57:29
Address CVE-2019-11358 in the bundled version of jQuery
2019-07-08 22:57:45
Update jQuery to address CVE-2019-11358
2019-08-01 05:11:29
veracode
veracode
Prototype Pollution
2019-04-22 03:41:01
nessus
nessus
Amazon Linux 2 : pcs (ALAS-2023-1905)
2023-01-24 00:00:00
Fedora 30 : drupal7 (2019-2a0ce0c58c)
2019-05-09 00:00:00
Fedora 29 : drupal7 (2019-a06dffab1c)
2019-05-09 00:00:00
openvas
openvas
Drupal jQuery XSS Vulnerability (SA-CORE-2019-006) - Linux
2019-04-24 00:00:00
Django jQuery Vulnerability - Windows
2019-06-26 00:00:00
Debian: Security Advisory (DLA-1777-1)
2019-05-07 00:00:00
alpinelinux
alpinelinux
CVE-2019-11358
2019-04-20 00:29:00
debian
debian
[SECURITY] [DLA 2118-1] otrs2 security update
2020-02-24 17:03:32
[SECURITY] [DSA 4434-1] drupal7 security update
2019-04-20 12:03:09
[SECURITY] [DSA 4434-1] drupal7 security update
2019-04-20 12:03:09
githubexploit
githubexploit
Exploit for Prototype Pollution in Jquery
2020-12-01 09:18:58
Exploit for Prototype Pollution in Jquery
2019-07-18 19:15:33
Exploit for Prototype Pollution in Jquery
2021-03-08 11:34:11
ibm
ibm
Security Bulletin: IBM Security Guardium Insights is affected by a jQuery vulnerabilitiy (CVE-2019-11358)
2021-10-06 12:30:35
Security Bulletin: IBM Tivoli Netcool Impact is affected by a jQuery vulnerability (CVE-2019-11358)
2019-12-20 08:47:33
Security Bulletin: IBM MessageSight/MessageGateway is affected by the following jQuery vulnerability
2019-06-05 06:20:01
joomla
joomla
[20190403] - Core - Object.prototype pollution in JQuery $.extend
2019-03-25 00:00:00
hackerone
hackerone
Node.js third-party modules: Prototype pollution attack through jQuery $.extend
2018-12-03 15:53:20
drupal
drupal
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-006
2019-04-17 00:00:00
ubuntucve
ubuntucve
CVE-2019-11358
2019-04-20 00:00:00
debiancve
debiancve
CVE-2019-11358
2019-04-20 00:29:00
fedora
fedora
[SECURITY] Fedora 30 Update: drupal7-7.66-1.fc30
2019-05-09 01:34:20
[SECURITY] Fedora 29 Update: drupal7-7.66-1.fc29
2019-05-09 03:18:10
[SECURITY] Fedora 30 Update: drupal7-7.69-1.fc30
2020-01-04 22:16:18
redhat
redhat
(RHSA-2020:5581) Moderate: python-XStatic-jQuery security update
2020-12-16 12:57:14
(RHSA-2020:1325) Moderate: python-XStatic-jQuery security update
2020-04-06 08:40:52
(RHSA-2019:2587) Moderate: CloudForms 4.7.9 security, bug fix and enhancement update
2019-09-05 05:18:52
amazon
amazon
Medium: pcs
2023-01-18 00:16:00
redhatcve
redhatcve
CVE-2019-11358
2021-07-18 00:15:31
symantec
symantec
JQuery CVE-2019-11358 Cross Site Scripting Vulnerability
2019-04-17 00:00:00
f5
f5
K20455158 : jQuery vulnerability CVE-2019-11358
2020-04-14 00:00:00
typo3
typo3
Cross-Site Scripting in jQuery before 3.4.0
2019-05-07 00:00:00
github
github
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
2019-04-26 16:29:11
freebsd
freebsd
Django -- AdminURLFieldWidget XSS
2019-06-03 00:00:00
mediawiki -- multiple vulnerabilities
2019-04-23 00:00:00
oraclelinux
oraclelinux
pcs security update
2022-11-03 00:00:00
idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-10 00:00:00
ipa security, bug fix, and enhancement update
2020-10-06 00:00:00
attackerkb
attackerkb
CVE-2019-11358
2019-04-20 00:00:00
cnvd
cnvd
Silverstripe framework cross-site scripting vulnerability
2022-11-23 00:00:00
archlinux
archlinux
[ASA-201906-2] python-django: cross-site scripting
2019-06-04 00:00:00
rocky
rocky
pcs security, bug fix, and enhancement update
2021-11-09 08:21:49
idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36
altlinux
altlinux
Security fix for the ALT Linux 9 package phpipam version 1.42.027-alt1
2020-10-21 00:00:00
Security fix for the ALT Linux 9 package mediawiki version 1.32.2-alt1
2019-06-13 00:00:00
suse
suse
Security update for python-Django (moderate)
2019-08-14 00:00:00
Security update for python-Django (moderate)
2019-08-08 00:00:00
mageia
mageia
Updated mediawiki packages fix security vulnerabilities
2019-09-15 17:45:31
almalinux
almalinux
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36
centos
centos
ipa, python2 security update
2020-10-20 18:15:27

8.5 High

AI Score

Confidence

High

JSON
Related for SOLARWINDS_ORION_CVE-2020-14005.NASL
checkpoint_advisories2prion5zdi5cve6osv10atlassian9veracode1nessus43openvas27alpinelinux1debian6githubexploit5ibm33joomla1hackerone1drupal1ubuntucve1debiancve1fedora9redhat9amazon1redhatcve1symantec1f51typo31github1freebsd2oraclelinux3attackerkb1cnvd1archlinux1rocky2altlinux2suse2mageia1almalinux1centos1