// For flags

CVE-2015-5371

SolarWinds Storage Manager AuthenticationFilter Remote Code Execution Vulnerability

Severity Score

10.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scripts via unspecified vectors.

La clase AuthenticationFilter en SolarWinds Storage Manager permite a atacantes remotos subir y ejecutar secuencias de comandos arbitrarias a través de vectores no especificados.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Manager. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the AuthenticationFilter class. The issue lies in the ability to subvert the authentication filter. An attacker can leverage this vulnerability to upload malicious scripts that can then be used to execute code under the context of SYSTEM.

*Credits: Andrea Micalizzi (rgod)
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-08-19 First Exploit
  • 2015-06-30 CVE Published
  • 2015-07-06 CVE Reserved
  • 2024-08-06 CVE Updated
  • 2024-09-19 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Solarwinds
Search vendor "Solarwinds"
 Storage Manager
Search vendor "Solarwinds" for product "Storage Manager"
--
Affected