// For flags

CVE-2015-7839

Solarwinds Log and Event Manager Command Injection Remote Code Execution Vulnerability

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

SolarWinds Log and Event Manager (LEM) allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality.

SolarWinds Log y Event Manager (LEM) permite a atacantes remotos ejecutar comandos arbitrarios en ordenadores gestionados a través de una petición a services/messagebroker/nonsecurestreamingamf implicando la funcionalidad traceroute.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Solarwinds Log and Event Manager. Authentication is not required to exploit this vulnerability.
The specific flaw exists within requests to /services/messagebroker/nonsecurestreamingamf utilizing the traceroute functionality. A command injection vulnerability exists which allows an attacker to execute arbitrary commands on all managed computers using the LEM agent connected to the Log and Event Manager. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the agent application.

*Credits: Matt Molinyawe - HP Zero Day Initiative
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-10-07 CVE Published
  • 2015-10-15 CVE Reserved
  • 2024-09-16 CVE Updated
  • 2024-09-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
References (1)
URL Tag Source
http://www.zerodayinitiative.com/advisories/ZDI-15-461 X_refsource_misc
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Solarwinds
Search vendor "Solarwinds"
 Log And Event Manager
Search vendor "Solarwinds" for product "Log And Event Manager"
*-
Affected