CVE Details
ID CVE-2021-25274
Summary The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon processing of such messages, the service deserializes them in insecure manner, allowing remote arbitrary code execution as LocalSystem.
References
Vulnerable Configurations
  • cpe:2.3:a:solarwinds:orion_platform:2016.1:hotfix1:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2016.1:hotfix1:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2016.1:hotfix2:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2016.1:hotfix2:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2016.1:hotfix3:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2016.1:hotfix3:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2016.1:hotfix4:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2016.1:hotfix4:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2016.2:hotfix1:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2016.2:hotfix1:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2016.2:hotfix2:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2016.2:hotfix2:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2017.1:hotfix1:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2017.1:hotfix1:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2017.1:hotfix2:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2017.1:hotfix2:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2017.1:hotfix3:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2017.1:hotfix3:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2017.3:hotfix1:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2017.3:hotfix1:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2017.3:hotfix2:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2017.3:hotfix2:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2017.3:hotfix3:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2017.3:hotfix3:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2017.3:hotfix4:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2017.3:hotfix4:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2017.3:hotfix5:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2017.3:hotfix5:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2018.2:hotfix1:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2018.2:hotfix1:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2018.2:hotfix2:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2018.2:hotfix2:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2018.2:hotfix3:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2018.2:hotfix3:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2018.2:hotfix4:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2018.2:hotfix4:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2018.2:hotfix5:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2018.2:hotfix5:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2018.2:hotfix6:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2018.2:hotfix6:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2018.4:-:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2018.4:-:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2018.4:hotfix1:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2018.4:hotfix1:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2018.4:hotfix2:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2018.4:hotfix2:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2018.4:hotfix3:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2018.4:hotfix3:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2019.2:hotfix1:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2019.2:hotfix1:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2019.2:hotfix2:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2019.2:hotfix2:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2019.2:hotfix3:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2019.2:hotfix3:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2019.4:-:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2019.4:-:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2019.4:hotfix1:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2019.4:hotfix1:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2019.4:hotfix2:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2019.4:hotfix2:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2019.4:hotfix3:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2019.4:hotfix3:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2019.4:hotfix4:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2019.4:hotfix4:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2019.4:hotfix5:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2019.4:hotfix5:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2020.2:-:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2020.2:-:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2020.2:hotfix1:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2020.2:hotfix1:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2020.2.1:-:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2020.2.1:-:*:*:*:*:*:*
  • cpe:2.3:a:solarwinds:orion_platform:2020.2.1:hotfix1:*:*:*:*:*:*
    cpe:2.3:a:solarwinds:orion_platform:2020.2.1:hotfix1:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 08-02-2021 - 14:56)
Impact: 10.0
Exploitability:10.0
CWE CWE-502
CAPEC Click the CAPEC title to display a description
  • An adversary attempts to exploit an application by injecting additional, malicious content during its processing of serialized objects. Developers leverage serialization in order to convert data or state into a static, binary format for saving to disk or transferring over a network. These objects are then deserialized when needed to recover the data/state. By injecting a malformed object into a vulnerable application, an adversary can potentially compromise the application by manipulating the deserialization process. This can result in a number of unwanted outcomes, including remote code execution.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
CVSS v3.1
Base: 9.8 (as of 08-02-2021 - 14:56)
Impact: 5.9
Exploitability:3.9
Exploitability v3.1
Attack ComplexityAttack vectorPrivileges RequiredScopeUser Interaction
LOW NETWORK NONE UNCHANGED NONE
Impact v3.1
ConfidentialityIntegrityAvailability
HIGH HIGH HIGH
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
cvss3-vector via4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Last major update 08-02-2021 - 14:56
Published 03-02-2021 - 17:15
Last modified 08-02-2021 - 14:56
Back to Top