Free call

Vulnerability in monitoring software

3. June 2020

CVE

CVE-2020-13912

Vulnerable software

SolarWinds “Advanced Monitoring Agent” before 10.8.9

Vulnerability

Insufficient authorization/ rights extension

Timeline

  • 18.05.2020 Manufacturer informed
  • 2020/05/20 Vendor confirms the vulnerability and informsHanseSecure that the vulnerability has been patched in version 10.8.9.
  • 03.06.2020 Disclosure

Description

The Advanced Monitoring Agent software up to version 10.8.9 was executed when each user (remote or local) logged in. The corresponding file can be modified by all users on the system. A malicious user could exchange the file with a modified version to execute arbitrary commands in the context of the logging user.

References:

Similar posts

CVE-2009-1437: RCE in CoolPlayer+ <= 2.19.6 (Windows 10 Pro)

While doing my preperation for the OSCE i found an nbsp exploit for the coolpalyer+ version 2 19 1 from [...]

Read more

19. February 2018

Vulnerability: Local Buffer Overflow in Personal FTP Server 8.0f(g)

nbsp Vulnerable software FTP server 8 0f g Vulnerability Local Buffer Overflow SEH protected gt Code Execution Time Line [...]

Weiterlesen

20. February 2018

CVE-2018-16231: Remote DoS in Personal FTP Server <= 8.4f

CVE CVE 2018 16231 Vulnerable software FTP server lt = 8 4f Vulnerability Remote denial of service Timeline 30 01 [...]

Read more

25. August 2018

CVE-2018-7272: AM 5.0.0, 5.1.0

CVE CVE 2018 7272 Vulnerable software AT nbsp 5 0 0 5 1 0 Vulnerability Unauthorized access Timeline 15 12 [...]

Weiterlesen

25. August 2018