CVE-2020-12608
SolarWinds MSP PME Cache Service 1.1.14 - Insecure File Permissions
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
4Exploited in Wild
-Decision
Descriptions
An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config\. This can lead to code execution by changing the CacheService.xml SISServerURL parameter.
Se detectó un problema en SolarWinds MSP PME (Patch Management Engine) Cache Service versiones anteriores a 1.1.15, en el Advanced Monitoring Agent. Posee permisos de archivo no seguros para %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config\. Esto puede conllevar a una ejecución de código al cambiar el parámetro SISServerURL del archivo CacheService.xml.
SolarWinds MSP PME Cache Service versions prior to 1.1.15 suffer from insecure file permission and code execution vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-05-01 CVE Reserved
- 2020-05-07 CVE Published
- 2020-05-11 First Exploit
- 2023-10-11 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-276: Incorrect Default Permissions
CAPEC
References (4)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Solarwinds Search vendor "Solarwinds" | Managed Service Provider Patch Management Engine Search vendor "Solarwinds" for product "Managed Service Provider Patch Management Engine" | < 1.1.15 Search vendor "Solarwinds" for product "Managed Service Provider Patch Management Engine" and version " < 1.1.15" | - |
Affected
| ||||||