
SolarWinds Platform Command Injection Vulnerability - 20230426009

Overview

SolarWinds have published details of a vulnerability in their SolarWinds Platform that may allow arbitrary command execution. An update is available to address the vulnerability.

What is the vulnerability?

Please see SolarWinds Platform Command Injection Vulnerability (CVE-2022-36963) for an overview of the following vulnerability.

  • CVE-2022-36963 - CVSS v3 Base Score: 8.1
  • The SolarWinds Platform was susceptible to a command injection vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands.

What is vulnerable?

The vulnerability affects the following products:

  • SolarWinds Platform 2023.1 and earlier

What has been observed?

SolarWinds have published the vulnerability and encourage users and administrators to update the vulnerable software.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices. See SolarWinds.
