Lucene search
Andrea Micalizzi aka rgodZDI-15-107HistoryMar 13, 2015 - 12:00 a.m.
SolarWinds Firewall Security Manager userlogin.jsp Remote Code Execution Vulnerability
2015-03-1300:00:00
Andrea Micalizzi aka rgod
www.zerodayinitiative.com
16
0.974 High
EPSS
Percentile
99.9%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Firewall Security Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of client sessions. The issue lies in the ability to elevate to administrative privileges. An attacker can leverage this vulnerability to execute code under the context of SYSTEM.
Related
checkpoint_advisories
checkpoint_advisories
zdt
zdt
Solarwinds Firewall Security Manager 6.6.5 Client Session Handling Exploit
2015-04-06 00:00:00
openvas
openvas
Solarwinds FSM RCE Vulnerability
2015-06-30 00:00:00
prion
prion
Session fixation
2015-03-24 17:59:00
packetstorm
packetstorm
Solarwinds Firewall Security Manager 6.6.5 Client Session Handling
2015-04-06 00:00:00
cvelist
cvelist
CVE-2015-2284
2015-03-24 17:00:00
nvd
nvd
CVE-2015-2284
2015-03-24 17:59:11
cve
cve
CVE-2015-2284
2015-03-24 17:59:11