CVE-2015-7839 – SolarWinds Log and Event Manager Command Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-7839
SolarWinds Log and Event Manager (LEM) allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Log and Event Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within requests to /services/messagebroker/nonsecurestreamingamf utilizing the traceroute functionality. A command injection vulnerability exists which allows an attacker to execute arbitrary commands on all managed computers using the LEM agent connected to the Log and Event Manager.
• http://www.zerodayinitiative.com/advisories/ZDI-15-461
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2015-7838 – SolarWinds Storage Manager ProcessFileUpload.jsp File Upload Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-7838
ProcessFileUpload.jsp in SolarWinds Storage Manager before 6.2 allows remote attackers to upload and execute arbitrary files via unspecified vectors.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within ProcessFileUpload.jsp within the handling of file uploads. The issue lies in the failure to sanitize the files uploaded, allowing them to be placed within directories accessible through the service.
• http://www.solarwinds.com/documentation/srm/docs/releasenotes/releasenotes.htm
• http://www.zerodayinitiative.com/advisories/ZDI-15-460
• CWE-20: Improper Input Validation
CVE-2015-5610
https://notcve.org/view.php?id=CVE-2015-5610
The RSM (aka RSMWinService) service in SolarWinds N-Able N-Central before 9.5.1.4514 uses the same password decryption key across different customers' installations, which makes it easier for remote authenticated users to obtain the cleartext domain-administrator password by locating the encrypted password within HTML source code and then leveraging knowledge of this key from another installation.
• http://www.kb.cert.org/vuls/id/912036
• http://www.securityfocus.com/bid/75969
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5371 – SolarWinds Storage Manager AuthenticationFilter Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-5371
The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scripts via unspecified vectors.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AuthenticationFilter class. The issue lies in the ability to subvert the authentication filter.
• http://www.securityfocus.com/bid/75515
• http://www.zerodayinitiative.com/advisories/ZDI-15-275
CVE-2015-2284 – SolarWinds Firewall Security Manager userlogin.jsp Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2284
userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client session handling.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Firewall Security Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of client sessions. The issue lies in the ability to elevate to administrative privileges. An attacker can leverage this vulnerability to execute code under the context of SYSTEM.
• https://www.exploit-db.com/exploits/36679
• http://www.zerodayinitiative.com/advisories/ZDI-15-107
• http://downloads.solarwinds.com/solarwinds/Release/HotFix/FSM-v6.6.5-HotFix1.zip
• CWE-264: Permissions, Privileges, and Access Controls