CVE-2012-2602
SolarWinds Orion Network Performance Monitor 10.2.2 - Multiple Vulnerabilities
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
3Exploited in Wild
-Decision
Descriptions
Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to Admin/Accounts/Add/OrionAccount.aspx or (2) modify account privileges via a ynAdminRights action to Admin/Accounts/EditAccount.aspx.
Múltiples vulnerabilidades de falsificación de peticiones en sitios cruzados (CSRF) en SolarWinds Orion Network Performance Monitor (NPM) antes de v10.3.1 permiten a atacantes remotos secuestrar la autentificación de los administradores para las peticiones que (1) crean cuentas de usuario a través de acciones CreateUserStepContainer a Admin/Cuentas/Agregar/OrionAccount.aspx o (2) modifican los privilegios de una cuenta a través de una acción ynAdminRights a Admin/accounts/EditAccount.aspx.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-05-09 CVE Reserved
- 2012-07-21 First Exploit
- 2012-08-12 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/84116 | Vdb Entry | |
| http://www.kb.cert.org/vuls/id/174119 | Third Party Advisory |
|
| http://www.solarwinds.com/documentation/Orion/docs/ReleaseNotes/releaseNotes.htm | X_refsource_misc |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/20011 | 2012-07-21 | |
| http://www.exploit-db.com/exploits/20011 | 2024-09-16 | |
| http://www.securityfocus.com/bid/54624 | 2024-09-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/50004 | 2012-08-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Solarwinds Search vendor "Solarwinds" | Orion Network Performance Monitor Search vendor "Solarwinds" for product "Orion Network Performance Monitor" | <= 10.2.2 Search vendor "Solarwinds" for product "Orion Network Performance Monitor" and version " <= 10.2.2" | - |
Affected
| ||||||
| Solarwinds Search vendor "Solarwinds" | Orion Network Performance Monitor Search vendor "Solarwinds" for product "Orion Network Performance Monitor" | 10.1.13.0 Search vendor "Solarwinds" for product "Orion Network Performance Monitor" and version "10.1.13.0" | - |
Affected
| ||||||