SolarWinds.Orion.NPM.Multiple.Security.Vulnerabilities

Description

SolarWinds Orion Network Performance Monitor (NPM) is network fault and availability management software.
Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName field of an snmpd.conf file. (CVE-2012-2577)
Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to Admin/Accounts/Add/OrionAccount.aspx or (2) modify account privileges via a ynAdminRights action to Admin/Accounts/EditAccount.aspx. (CVE-2012-2602)

Affected Products

SolarWinds Orion NPM before 10.3.1

Impact

The vulnerabilities could allow remote attackers to inject arbitrary web script or HTML, or to hijack the authentication of administrators on the target system.

Recommended Actions

The vendor has released NPM 10.3.1 to address the issues. The update is available from the SolarWinds Customer Portal:
http://customerportal.solarwinds.com/customerportal/
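
For the XSS issue (CVE-2012-2577), the following added example (not code from this advisory or from SolarWinds) audits snmpd.conf text for HTML metacharacters in the three named fields and shows the output encoding a web console should apply before rendering SNMP-derived strings. The function names and the sample configuration are constructed for illustration.

```python
import html
import re

# Directives named in CVE-2012-2577; compared case-insensitively here.
WATCHED = {"syslocation", "syscontact", "sysname"}
# Characters that change meaning when a value is rendered into HTML unescaped.
HTML_META = re.compile(r"[<>\"'&]")

# Constructed sample snmpd.conf content (not from a real device).
SAMPLE_CONF = """\
# constructed example
agentAddress udp:161
sysLocation Rack 12, Building <b>A</b>
sysContact noc@example.com
sysName core-sw-01<script>alert(1)</script>
"""


def audit_snmpd_conf(text):
    """Return (line_no, directive, value) for watched fields containing HTML metacharacters."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].lower() not in WATCHED:
            continue
        if HTML_META.search(parts[1]):
            findings.append((line_no, parts[0], parts[1]))
    return findings


def render_cell(value):
    """Encode an SNMP-derived string before placing it in HTML text or a quoted attribute."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    for line_no, directive, value in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {line_no}: {directive} needs review -> {render_cell(value)}")
```

A legitimate value containing an apostrophe or ampersand is also flagged, so treat the findings as a review list rather than a verdict.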

Coverage

IPS (Regular DB)
IPS (Extended DB)