Lucene search
K

9 matches found

Check Point Advisories
Check Point Advisories
added 2021/11/28 12:0 a.m.8 views

SolarWinds Orion Platform Authentication Bypass (CVE-2020-10148)

An authentication bypass vulnerability exists in SolarWinds Orion API. Successful exploitation of this vulnerability could allow a remote attacker to gain unauthorized access to the affected system...

7.5CVSS9.1AI score0.9198EPSS
Exploits3
The Hacker News
The Hacker News
added 2021/03/09 9:58 a.m.5 views

SolarWinds Hack — New Evidence Suggests Potential Links to Chinese Hackers

A malicious web shell deployed on Windows systems by leveraging a previously undisclosed zero-day in SolarWinds' Orion network monitoring software may have been the work of a possible Chinese threat group. In a report published by Secureworks on Monday, the cybersecurity firm attributed the...

9.8CVSS7.6AI score0.9198EPSS
Exploits3
GithubExploit
GithubExploit
added 2021/01/05 1:42 p.m.99 views

Exploit for Missing Authentication for Critical Function in Solarwinds Orion_Platform

Usage & Disclaimer This script is a batch detection script f...

9.8CVSS8AI score0.9198EPSS
Exploits3
NVD
NVD
added 2020/12/29 10:15 p.m.32 views

CVE-2020-10148

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds...

9.8CVSS9.9AI score0.9198EPSS
Exploits3References4
CVE
CVE
added 2020/12/29 9:55 p.m.1142 views

CVE-2020-10148

CVE-2020-10148 is a vulnerability in the SolarWinds Orion API where an authentication bypass can allow a remote attacker to execute API commands, potentially compromising the Orion instance. Affected are SolarWinds Orion Platform versions 2019.4 HF5, 2020.2 with no hotfix, and 2020.2 HF1. The vul...

9.8CVSS9.8AI score0.9198EPSS
In wildExploits3References4Affected Software1
GithubExploit
GithubExploit
added 2020/12/29 3:17 a.m.80 views

Exploit for Missing Authentication for Critical Function in Solarwinds Orion_Platform

CVE-2020-10148 Solarwinds Orion Download CVE-2020-10148.py...

9.8CVSS9.8AI score0.9198EPSS
Exploits3
Circl
Circl
added 2020/12/28 10:40 a.m.19 views

CVE-2020-10148

creationtimestamp| type| source ---|---|--- 2020-12-28 10:40:02+00:00| exploited| https://t.me/SecLabNews/9489 2020-12-28 14:17:56+00:00| seen| https://t.me/truesecator/1296 2020-12-30 14:26:54+00:00| published-proof-of-concept| https://t.me/canyoupwnme/6698 2020-12-31 18:23:59+00:00| exploited|...

9.8CVSS7.4AI score0.9198EPSS
In wildExploits3References11
Tenable Nessus
Tenable Nessus
added 2020/12/28 12:0 a.m.112 views

SolarWinds Orion Platform < 2019.4 HF6 / 2020.2 < 2020.2.1 HF2 Authentication Bypass (SUPERNOVA)

The version of SolarWinds Orion Platform running on the remote host is prior to 2019.4 HF6 or 2020.2 prior to 2020.2.1 HF 2. It is, therefore, affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this, via a specially crafted web request, to bypass...

9.8CVSS8.8AI score0.9198EPSS
Exploits3References7
Rapid7 Blog
Rapid7 Blog
added 2020/12/14 6:23 p.m.55 views

SolarWinds SUNBURST Backdoor Supply Chain Attack: What You Need to Know

On Dec. 12, 2020, FireEye provided detailed information on a widespread attack campaign involving a backdoored component of the SolarWinds Orion platform, which is used by organizations to monitor and manage IT infrastructure. FireEye has given the campaign an identifier of UNC2452 and is further...

7.5CVSS9.8AI score0.9198EPSS
Exploits3
Rows per page
Query Builder