{"id":7404,"date":"2020-06-03T23:47:18","date_gmt":"2020-06-03T21:47:18","guid":{"rendered":"https:\/\/hansesecure.de\/2020\/06\/vulnerability-in-monitoring-software\/"},"modified":"2025-01-07T08:22:10","modified_gmt":"2025-01-07T07:22:10","slug":"vulnerability-in-monitoring-software","status":"publish","type":"post","link":"https:\/\/hansesecure.de\/en\/2020\/06\/vulnerability-in-monitoring-software\/","title":{"rendered":"Vulnerability in monitoring software"},"content":{"rendered":"\n<figure class=\"wp-block-image alignright size-large is-resized\"><img fetchpriority=\"high\" decoding=\"async\" src=\"https:\/\/hansesecure.de\/wp-banane\/uploads\/2020\/06\/hansesecure-monitoring.jpg\" alt=\"\" class=\"wp-image-1602\" width=\"403\" height=\"302\"\/><\/figure>\n\n<h2 class=\"wp-block-heading\">CVE<\/h2>\n\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-13912\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2020-13912<\/a><\/p>\n\n<h2 class=\"wp-block-heading\">Vulnerable software<\/h2>\n\n<p>SolarWinds &#8220;Advanced Monitoring Agent&#8221; before 10.8.9<\/p>\n\n<h2 class=\"wp-block-heading\">Vulnerability<\/h2>\n\n<p>Insufficient authorization \/ privilege escalation<\/p>\n\n<h2 class=\"wp-block-heading\">Timeline<\/h2>\n\n<ul class=\"wp-block-list\">\n<li>18.05.2020 Manufacturer informed<\/li>\n\n\n\n<li>2020\/05\/20 Vendor confirms the vulnerability and informs HanseSecure that the vulnerability has been patched in version 10.8.9.<\/li>\n\n\n\n<li>03.06.2020 Disclosure<\/li>\n<\/ul>\n\n<h2 class=\"wp-block-heading\">Description<\/h2>\n\n<p>The <a href=\"https:\/\/www.solarwindsmsp.com\/content\/advanced-monitoring-agent\" target=\"_blank\" rel=\"noreferrer noopener\">Advanced Monitoring Agent<\/a> software up to version 10.8.9 was executed whenever any user (remote or local) logged in. The corresponding file can be modified by all users on the system. 
A malicious user could replace the file with a modified version to execute arbitrary commands in the context of the user logging in.<\/p>\n\n<h2 class=\"wp-block-heading\">References:<\/h2>\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/275.html\" target=\"_blank\" rel=\"noreferrer noopener\">CWE CATEGORY: Permission Issues<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/status.solarwindsmsp.com\/2020\/06\/15\/solarwinds-rmm-security-notice-regarding-an-agent-vulnerability-pre-v10-8-9\/#more-19721\" target=\"_blank\" rel=\"noreferrer noopener\">Acknowledgement<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>CVE CVE-2020-13912 Vulnerable software SolarWinds &#8220;Advanced Monitoring Agent&#8221; before 10.8.9 Vulnerability Insufficient authorization\/ rights extension Timeline Description The Advanced Monitoring Agent software up to version 10.8.9 was executed when each user (remote or local) logged in. The corresponding file can be modified by all users on the system. 
A malicious user could exchange the file [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":7024,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[256,261],"tags":[266],"class_list":["post-7404","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cve-en","category-vulnerabilities","tag-migration-en"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Vulnerability in monitoring software &#8211; HanseSecure GmbH<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hansesecure.de\/en\/2020\/06\/vulnerability-in-monitoring-software\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Vulnerability in monitoring software &#8211; HanseSecure GmbH\" \/>\n<meta property=\"og:description\" content=\"CVE CVE-2020-13912 Vulnerable software SolarWinds &#8220;Advanced Monitoring Agent&#8221; before 10.8.9 Vulnerability Insufficient authorization\/ rights extension Timeline Description The Advanced Monitoring Agent software up to version 10.8.9 was executed when each user (remote or local) logged in. The corresponding file can be modified by all users on the system. 
A malicious user could exchange the file [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hansesecure.de\/en\/2020\/06\/vulnerability-in-monitoring-software\/\" \/>\n<meta property=\"og:site_name\" content=\"HanseSecure GmbH\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/facebook.com\/hansesecure\" \/>\n<meta property=\"article:published_time\" content=\"2020-06-03T21:47:18+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-07T07:22:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/hansesecure.de\/wp-content\/uploads\/2020\/06\/blog-solarwinds.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"300\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"HanseSecure\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberWarship\" \/>\n<meta name=\"twitter:site\" content=\"@CyberWarship\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"HanseSecure\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2020\\\/06\\\/vulnerability-in-monitoring-software\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2020\\\/06\\\/vulnerability-in-monitoring-software\\\/\"},\"author\":{\"name\":\"HanseSecure\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#\\\/schema\\\/person\\\/6ec6ef4887ff2fc97a14f1a7f390f593\"},\"headline\":\"Vulnerability in monitoring 
software\",\"datePublished\":\"2020-06-03T21:47:18+00:00\",\"dateModified\":\"2025-01-07T07:22:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2020\\\/06\\\/vulnerability-in-monitoring-software\\\/\"},\"wordCount\":96,\"publisher\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2020\\\/06\\\/vulnerability-in-monitoring-software\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/hansesecure.de\\\/wp-content\\\/uploads\\\/2020\\\/06\\\/blog-solarwinds.jpg\",\"keywords\":[\"Migration\"],\"articleSection\":[\"CVE\",\"Vulnerabilities\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2020\\\/06\\\/vulnerability-in-monitoring-software\\\/\",\"url\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2020\\\/06\\\/vulnerability-in-monitoring-software\\\/\",\"name\":\"Vulnerability in monitoring software &#8211; HanseSecure GmbH\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2020\\\/06\\\/vulnerability-in-monitoring-software\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2020\\\/06\\\/vulnerability-in-monitoring-software\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/hansesecure.de\\\/wp-content\\\/uploads\\\/2020\\\/06\\\/blog-solarwinds.jpg\",\"datePublished\":\"2020-06-03T21:47:18+00:00\",\"dateModified\":\"2025-01-07T07:22:10+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2020\\\/06\\\/vulnerability-in-monitoring-software\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hansesecure.de\\\/en\\\/2020\\\/06\\\/vulnerability-in-monitoring-software\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2020\\\/06\\\/vulnerability-in-monitoring-s
oftware\\\/#primaryimage\",\"url\":\"https:\\\/\\\/hansesecure.de\\\/wp-content\\\/uploads\\\/2020\\\/06\\\/blog-solarwinds.jpg\",\"contentUrl\":\"https:\\\/\\\/hansesecure.de\\\/wp-content\\\/uploads\\\/2020\\\/06\\\/blog-solarwinds.jpg\",\"width\":400,\"height\":300},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/2020\\\/06\\\/vulnerability-in-monitoring-software\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Vulnerability in monitoring software\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/\",\"name\":\"HanseSecure GmbH\",\"description\":\"Choose the Intruder\",\"publisher\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#organization\",\"name\":\"HanseSecure GmbH\",\"url\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hansesecure.de\\\/wp-content\\\/uploads\\\/2023\\\/05\\\/cropped-000-LOGO-intensiv-schwarz-rot-HanseSecure_LOGO_CTI_Vektor_rotes_H11806.png\",\"contentUrl\":\"https:\\\/\\\/hansesecure.de\\\/wp-content\\\/uploads\\\/2023\\\/05\\\/cropped-000-LOGO-intensiv-schwarz-rot-HanseSecure_LOGO_CTI_Vektor_rotes_H11806.png\",\"width\":512,\"height\":512,\"caption\":\"HanseSecure 
GmbH\"},\"image\":{\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/facebook.com\\\/hansesecure\",\"https:\\\/\\\/x.com\\\/CyberWarship\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/hansesecure\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCAABbKOA_stDFkEKS3MSF7Q\",\"https:\\\/\\\/www.instagram.com\\\/hansesecure\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hansesecure.de\\\/en\\\/#\\\/schema\\\/person\\\/6ec6ef4887ff2fc97a14f1a7f390f593\",\"name\":\"HanseSecure\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g\",\"caption\":\"HanseSecure\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Vulnerability in monitoring software &#8211; HanseSecure GmbH","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hansesecure.de\/en\/2020\/06\/vulnerability-in-monitoring-software\/","og_locale":"en_US","og_type":"article","og_title":"Vulnerability in monitoring software &#8211; HanseSecure GmbH","og_description":"CVE CVE-2020-13912 Vulnerable software SolarWinds &#8220;Advanced Monitoring Agent&#8221; before 10.8.9 Vulnerability Insufficient authorization\/ rights extension Timeline Description The Advanced Monitoring Agent software up to version 10.8.9 was executed when each user (remote or local) logged in. The corresponding file can be modified by all users on the system. 
A malicious user could exchange the file [&hellip;]","og_url":"https:\/\/hansesecure.de\/en\/2020\/06\/vulnerability-in-monitoring-software\/","og_site_name":"HanseSecure GmbH","article_publisher":"https:\/\/facebook.com\/hansesecure","article_published_time":"2020-06-03T21:47:18+00:00","article_modified_time":"2025-01-07T07:22:10+00:00","og_image":[{"width":400,"height":300,"url":"https:\/\/hansesecure.de\/wp-content\/uploads\/2020\/06\/blog-solarwinds.jpg","type":"image\/jpeg"}],"author":"HanseSecure","twitter_card":"summary_large_image","twitter_creator":"@CyberWarship","twitter_site":"@CyberWarship","twitter_misc":{"Written by":"HanseSecure"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hansesecure.de\/en\/2020\/06\/vulnerability-in-monitoring-software\/#article","isPartOf":{"@id":"https:\/\/hansesecure.de\/en\/2020\/06\/vulnerability-in-monitoring-software\/"},"author":{"name":"HanseSecure","@id":"https:\/\/hansesecure.de\/en\/#\/schema\/person\/6ec6ef4887ff2fc97a14f1a7f390f593"},"headline":"Vulnerability in monitoring software","datePublished":"2020-06-03T21:47:18+00:00","dateModified":"2025-01-07T07:22:10+00:00","mainEntityOfPage":{"@id":"https:\/\/hansesecure.de\/en\/2020\/06\/vulnerability-in-monitoring-software\/"},"wordCount":96,"publisher":{"@id":"https:\/\/hansesecure.de\/en\/#organization"},"image":{"@id":"https:\/\/hansesecure.de\/en\/2020\/06\/vulnerability-in-monitoring-software\/#primaryimage"},"thumbnailUrl":"https:\/\/hansesecure.de\/wp-content\/uploads\/2020\/06\/blog-solarwinds.jpg","keywords":["Migration"],"articleSection":["CVE","Vulnerabilities"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/hansesecure.de\/en\/2020\/06\/vulnerability-in-monitoring-software\/","url":"https:\/\/hansesecure.de\/en\/2020\/06\/vulnerability-in-monitoring-software\/","name":"Vulnerability in monitoring software &#8211; HanseSecure 
GmbH","isPartOf":{"@id":"https:\/\/hansesecure.de\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/hansesecure.de\/en\/2020\/06\/vulnerability-in-monitoring-software\/#primaryimage"},"image":{"@id":"https:\/\/hansesecure.de\/en\/2020\/06\/vulnerability-in-monitoring-software\/#primaryimage"},"thumbnailUrl":"https:\/\/hansesecure.de\/wp-content\/uploads\/2020\/06\/blog-solarwinds.jpg","datePublished":"2020-06-03T21:47:18+00:00","dateModified":"2025-01-07T07:22:10+00:00","breadcrumb":{"@id":"https:\/\/hansesecure.de\/en\/2020\/06\/vulnerability-in-monitoring-software\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hansesecure.de\/en\/2020\/06\/vulnerability-in-monitoring-software\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hansesecure.de\/en\/2020\/06\/vulnerability-in-monitoring-software\/#primaryimage","url":"https:\/\/hansesecure.de\/wp-content\/uploads\/2020\/06\/blog-solarwinds.jpg","contentUrl":"https:\/\/hansesecure.de\/wp-content\/uploads\/2020\/06\/blog-solarwinds.jpg","width":400,"height":300},{"@type":"BreadcrumbList","@id":"https:\/\/hansesecure.de\/en\/2020\/06\/vulnerability-in-monitoring-software\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/hansesecure.de\/en\/"},{"@type":"ListItem","position":2,"name":"Vulnerability in monitoring software"}]},{"@type":"WebSite","@id":"https:\/\/hansesecure.de\/en\/#website","url":"https:\/\/hansesecure.de\/en\/","name":"HanseSecure GmbH","description":"Choose the 
Intruder","publisher":{"@id":"https:\/\/hansesecure.de\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hansesecure.de\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hansesecure.de\/en\/#organization","name":"HanseSecure GmbH","url":"https:\/\/hansesecure.de\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hansesecure.de\/en\/#\/schema\/logo\/image\/","url":"https:\/\/hansesecure.de\/wp-content\/uploads\/2023\/05\/cropped-000-LOGO-intensiv-schwarz-rot-HanseSecure_LOGO_CTI_Vektor_rotes_H11806.png","contentUrl":"https:\/\/hansesecure.de\/wp-content\/uploads\/2023\/05\/cropped-000-LOGO-intensiv-schwarz-rot-HanseSecure_LOGO_CTI_Vektor_rotes_H11806.png","width":512,"height":512,"caption":"HanseSecure GmbH"},"image":{"@id":"https:\/\/hansesecure.de\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/facebook.com\/hansesecure","https:\/\/x.com\/CyberWarship","https:\/\/www.linkedin.com\/company\/hansesecure","https:\/\/www.youtube.com\/channel\/UCAABbKOA_stDFkEKS3MSF7Q","https:\/\/www.instagram.com\/hansesecure\/"]},{"@type":"Person","@id":"https:\/\/hansesecure.de\/en\/#\/schema\/person\/6ec6ef4887ff2fc97a14f1a7f390f593","name":"HanseSecure","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/58fe26b2270315f2ab1268b229465b72c497c86aac3696aaaf2e629ae4e4f0af?s=96&d=mm&r=g","caption":"HanseSecure"}}]}},"_links":{"self":[{"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/posts\/7404","targetHints":{"allow":["GET"]}}],"coll
ection":[{"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/comments?post=7404"}],"version-history":[{"count":1,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/posts\/7404\/revisions"}],"predecessor-version":[{"id":7405,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/posts\/7404\/revisions\/7405"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/media\/7024"}],"wp:attachment":[{"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/media?parent=7404"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/categories?post=7404"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hansesecure.de\/en\/wp-json\/wp\/v2\/tags?post=7404"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}