Vulnerability in monitoring software

3. June 2020

CVE

CVE-2020-13912

Vulnerable software

SolarWinds “Advanced Monitoring Agent” before 10.8.9

Vulnerability

Insufficient authorization/ rights extension

Timeline

  • 18.05.2020 Manufacturer informed
  • 2020/05/20 Vendor confirms the vulnerability and informsHanseSecure that the vulnerability has been patched in version 10.8.9.
  • 03.06.2020 Disclosure

Description

The Advanced Monitoring Agent software up to version 10.8.9 was executed when each user (remote or local) logged in. The corresponding file can be modified by all users on the system. A malicious user could exchange the file with a modified version to execute arbitrary commands in the context of the logging user.

References:

You are currently viewing a placeholder content from Facebook. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.

More Information

Similar posts

While doing my preperation for the OSCE i found an exploit for the coolpalyer+ version 2.19.1 from 2009. I decided to [...]

19. February 2018

  Vulnerable software FTP server 8.0f(g) Vulnerability Local Buffer Overflow (SEH protected)-> Code Execution Time Line 01/24/2018 Vendor informed 01/30/2018 [...]

20. February 2018

CVE CVE-2018-16231 Vulnerable software FTP server <= 8.4f Vulnerability Remote denial of service Timeline 30.01.2018 Seller informed(also local BO ) [...]

25. August 2018

CVE CVE-2018-7272 Vulnerable software AT 5.0.0, 5.1.0 Vulnerability Unauthorized access Timeline 15.12.2017 Seller informs X.01.2018  Manufacturer has patched vulnerability 24.01.2018 Manufacturer [...]

25. August 2018