CVE-2020-15909

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. The N-Central JSESSIONID cookie attribute is not checked against multiple sources such as sourceip, MFA claim, etc. as long as the victim stays logged in within N-Central. To take advantage of this, cookie could be stolen and the JSESSIONID can be captured. On its own this is not a surprising result; low security tools allow the cookie to roam from machine to machine. The JSESSION cookie can then be used on the attackers’ workstation by browsing to the victim’s NCentral server URL and replacing the JSESSIONID attribute value by the captured value. Expected behavior would be to check this against a second source and enforce at least a reauthentication or multi factor request as N-Central is a highly privileged service.

SolarWinds N-central versiones hasta 2020.1, permite el secuestro de sesiones y requiere la interacción del usuario o acceso físico. El atributo de la cookie JSESSIONID de N-Central no se compara con varias fuentes, como sourceip, MFA claim, etc., siempre que la víctima permanezca conectada dentro de N-Central. Para aprovechar esto, se podría robar la cookie y capturar el JSESSIONID. Por sí solo, este no es un resultado sorprendente; las herramientas de baja seguridad permiten que la cookie se mueva de una máquina a otra. La cookie JSESSION se puede usar en la estación de trabajo de los atacantes navegando hasta la URL del servidor NCentral de la víctima y reemplazando el valor del atributo JSESSIONID por el valor capturado. El comportamiento esperado sería comparar esto con una segunda fuente y hacer cumplir al menos una nueva autenticación o una petición de múltiples factores, ya que N-Central es un servicio con muchos privilegios

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-07-23 CVE Reserved
2020-10-19 CVE Published
2024-02-22 EPSS Updated
2024-08-04 CVE Updated
2024-08-04 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-384: Session Fixation

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC
https://limenetworks.nl/wp-content/uploads/CVE-934261-v-1.2.pdf	2024-08-04

URL	Date	SRC

URL	Date	SRC
https://www.solarwindsmsp.com/products/n-central	2020-10-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Solarwinds Search vendor "Solarwinds"		N-central Search vendor "Solarwinds" for product "N-central"				<= 2020.1 Search vendor "Solarwinds" for product "N-central" and version " <= 2020.1"		-		Affected