Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
APP:SOLARWINDS-ORION-NPM-RCE |
|---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
APP |
Keywords |
SolarWinds Orion NPM OrionModuleEngine Remote Code Execution |
Release Date |
2019/06/04 |
Update Number |
3177 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
APP: SolarWinds Orion NPM OrionModuleEngine Remote Code Execution
This signature detects attempts to exploit a known vulnerability against SolarWinds Orion NPM. A successful attack can lead to arbitrary code execution.
Extended Description
SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The InvokeActionMethod method may be abused by an attacker to execute commands as the SYSTEM user.
Affected Products
- Solarwinds orion_network_performance_monitor -
- Solarwinds orion_network_performance_monitor 10.0
- Solarwinds orion_network_performance_monitor 10.1
- Solarwinds orion_network_performance_monitor 10.1.13.0
- Solarwinds orion_network_performance_monitor 10.2
- Solarwinds orion_network_performance_monitor 10.2.1
- Solarwinds orion_network_performance_monitor 10.2.2
- Solarwinds orion_network_performance_monitor 10.3
- Solarwinds orion_network_performance_monitor 10.3.1
- Solarwinds orion_network_performance_monitor 11.4
- Solarwinds orion_network_performance_monitor 12.0
- Solarwinds orion_network_performance_monitor 12.0.1
- Solarwinds orion_network_performance_monitor 12.1
- Solarwinds orion_network_performance_monitor 12.2
- Solarwinds orion_network_performance_monitor 12.3
References
- CVE: CVE-2019-8917