HomeAdvisoriesSolarWinds Orion NPM

SolarWinds Orion NPM

Remote Code Execution

Previous AdvisoryNext Advisory

CVE ID

CVE-2019-8917

Vendor

SolarWinds

Product

SolarWinds Orion NPM

Product Version

12.3.5200.0

Vulnerability Details

SolarWinds Orion NPM suffers from a SYSTEM remote code execution vulnerability in the “OrionModuleEngine” service. This service establishes an NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The “InvokeActionMethod” method may be abused by an attacker to execute commands as the SYSTEM user.

Learn more

Vendor Response

Thanks to SolarWinds’ prompt response, a fix is available in the 12.4 release.

Disclosure Timeline

01.10.2018
Disclosed to Vendor
02.10.2018
Response from Vendor
08.10.2018
Coordination of Patch and Disclosure with Vendor
04.12.2018
Verified patch in 12.4 release

Previous AdvisoryNext Advisory

A Look at RACI Models within Application Threat Modeling

Offensive Security

DevSecOps

GRC Services

Threat Intelligence

VS-Labs Security Research

Envisions Geopolitical Threat Report:

By Industry

Chrome Exploitation: How to easily launch a Chrome RCE+SBX exploit chain with one command

Security Resources

5 Steps to Implement an Application Threat Modeling Program

Who We Are

SolarWinds Orion NPM

CVE ID

Vendor

Product

Product Version

Vulnerability Details

Vendor Response

Disclosure Timeline