Skip to main content

Orion Platform CVE-2021-25274

CRITICAL
Deserialization of Untrusted Data (CWE-502)
2021-02-03 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 03, 2021 - 17:15 nvd
CRITICAL 9.8

DescriptionNVD

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon processing of such messages, the service deserializes them in insecure manner, allowing remote arbitrary code execution as LocalSystem.

AnalysisAI

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Deserialization of Untrusted Data (CWE-502), which allows attackers to execute arbitrary code through malicious serialized objects. The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions on its private queues. As a result, remote unauthenticated clients can send messages to TCP port 1801 that the Collector Service will process. Additionally, upon processing of such messages, the service deserializes them in insecure manner, allowing remote arbitrary code execution as LocalSystem. Affected products include: Solarwinds Orion Platform. Version information: before 2020.2.4.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid deserializing untrusted data. Use safe serialization formats (JSON). Implement integrity checks and type allowlists.

CVE-2022-38108 HIGH POC
7.2 Oct 20

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. Rated high severity (CVSS 7.2), this vulne

CVE-2021-25275 HIGH POC
7.8 Feb 03

SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backen

CVE-2021-27258 CRITICAL
9.8 Apr 14

This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion

CVE-2019-9546 CRITICAL
9.8 Mar 01

SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service. Rated critica

CVE-2021-35222 CRITICAL
9.6 Aug 31

This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Executio

CVE-2020-13169 CRITICAL
9.0 Sep 17

Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and p

CVE-2022-36964 HIGH
8.8 Nov 29

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. Rated high severity (CVSS 8.8), this vulne

CVE-2022-36960 HIGH
8.8 Nov 29

SolarWinds Platform was susceptible to Improper Input Validation. Rated high severity (CVSS 8.8), this vulnerability is

CVE-2022-36958 HIGH
8.8 Oct 20

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. Rated high severity (CVSS 8.8), this vulne

CVE-2022-36961 HIGH
8.8 Sep 30

A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this

CVE-2021-35234 HIGH
8.8 Dec 20

Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged esca

CVE-2021-35218 HIGH
8.8 Sep 01

Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. Rated high severi

Share

CVE-2021-25274 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy