Lucene search
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day InitiativeZDI-23-458HistoryApr 24, 2023 - 12:00 a.m.
SolarWinds Network Performance Monitor TFTP Link Following Local Privilege Escalation Vulnerability
2023-04-2400:00:00
Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
11
solarwinds
npm
tftp
privilege escalation
vulnerability
local attackers
low-privileged code
configuration
junction
arbitrary files
system
0.001 Low
EPSS
Percentile
20.2%
This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of the TFTP Server service. By creating a junction, an attacker can abuse the service to create or read arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
Related
cve
cve
CVE-2022-47505
2023-04-21 20:15:07
prion
prion
Privilege escalation
2023-04-21 20:15:00
nvd
nvd
CVE-2022-47505
2023-04-21 20:15:07
cvelist
cvelist
CVE-2022-47505 SolarWinds Platform Local Privilege Escalation Vulnerability
2023-04-21 00:00:00
nessus
nessus
SolarWinds Platform 2023.0 < 2023.2 Multiple Vulnerabilities
2023-04-18 00:00:00