Intrusion PreventionSolarWinds.NCM.VulnerabilitySettings.Arbitrary.File.Write
Description
This indicates an attack attempt to exploit an Arbitrary File Write Vulnerability in SolarWinds Network Configuration Manager.
The vulnerability is due to insufficient validation of file types for vulnerability announcement data files in VulnerabilitySettings.aspx, combined with a lack of restriction on destination paths. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to VulnerabilitySettings.aspx. Successful exploitation results in the writing of an arbitrary file to any location writable by SYSTEM, potentially leading to the execution of arbitrary code.
Affected Products
SolarWinds Network Configuration Manager prior to 2020.2.1 HF 2
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://support.solarwinds.com/SuccessCenter/s/article/NCM-2020-2-1-Hotfix-2?language=en_US
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2022-07-15 | 21.357 | Sig Added |
| 2021-11-10 | 18.194 | Sig Added |
| 2021-06-08 | 18.094 | Default_action:pass:drop |
| 2021-02-04 | 17.011 |
| ID | 49778 |
| Created | Jan 27, 2021 |
| Updated | Apr 24, 2023 |
| Risk |
|
| CVE ID | CVE-2020-27871 |
| Exploit Prediction Score | 36.0% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Other |