Home | Research | Resources | Advisories | SolarWinds Orion NPM
Remote Code Execution
CVE ID
CVE-2019-8917
VENDOR
SolarWinds
PRODUCT
SolarWinds Orion NPM
Product version
12.3.5200.0
Vulnerability Details
SolarWinds Orion NPM suffers from a SYSTEM remote code execution vulnerability in the "OrionModuleEngine" service. This service establishes an NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The "InvokeActionMethod" method may be abused by an attacker to execute commands as the SYSTEM user.
Learn More →
Vendor response
Thanks to SolarWinds' prompt response, a fix is available in the 12.4 release.
Disclosure timeline
10-01-2018 - Disclosed to Vendor 10-02-2018 - Response from Vendor 10-08-2018 - Coordination of Patch and Disclosure with Vendor 12-04-2018 - Verified patch in 12.4 release