virus logo Intrusion Prevention

SolarWinds.Storage.Manager.Remote.Code.Execution

description-logoDescription

This indicates an attack attempt against an Arbitrary File Upload vulnerability in Solarwinds Storage Manager.
The vulnerability is due to insufficient sanitizing of user supplied inputs when handling an crafted file in the vulnerable interface. It allows a remote attacker to upload an arbitrary file onto vulnerable systems.

affected-products-logoAffected Products

Solarwinds Storage Manager 5.7.1 and prior

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
http://www.solarwinds.com/documentation/storage/storagemanager/docs/releasenotes/releasenotes.htm

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

http://www.exploit-db.com/exploits/34671/ http://www.solarwinds.com/documentation/storage/storagemanager/docs/releasenotes/releasenotes.htm http://www.zerodayinitiative.com/advisories/ZDI-14-299/
ID 39241
Created Oct 14, 2014
Updated Nov 03, 2021
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
CVE ID
Default Action drop
Active
Affected OS Windows, Linux
Affected App Other