SolarWinds Orion NPM OrionModuleEngine Remote Code Execution (CVE-2019-8917)

A remote code execution vulnerability exists in SolarWinds Orion NPM. This vulnerability is due to missing access controls in the InvokeActionMethod method. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVE-2019-8917

CVE-2019-8917 affects SolarWinds Orion NPM before version 12.4, with a vulnerability in the OrionModuleEngine service. The service exposes a NetTcpBinding endpoint and allows remote, unauthenticated clients to call publicly exposed methods. The InvokeActionMethod can be abused to execute commands...