SolarWinds Orion NPM OrionModuleEngine Remote Code Execution (CVE-2019-8917)

A remote code execution vulnerability exists in SolarWinds Orion NPM. This vulnerability is due to missing access controls in the InvokeActionMethod method. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

Remote code execution

SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method ma...

CVE-2019-8917

SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method ma...

CVE-2019-8917

SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method ma...