Skip to main content

Orion Platform CVE-2023-23840

HIGH
Incorrect Comparison (CWE-697)
2023-09-13 psirt@solarwinds.com
7.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 13, 2023 - 23:15 nvd
HIGH 7.2

DescriptionNVD

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.

AnalysisAI

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-697. The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. Affected products include: Solarwinds Orion Platform.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-38108 HIGH POC
7.2 Oct 20

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. Rated high severity (CVSS 7.2), this vulne

CVE-2021-25274 CRITICAL POC
9.8 Feb 03

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set p

CVE-2021-25275 HIGH POC
7.8 Feb 03

SolarWinds Orion Platform before 2020.2.4, as used by various SolarWinds products, installs and uses a SQL Server backen

CVE-2021-27258 CRITICAL
9.8 Apr 14

This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion

CVE-2019-9546 CRITICAL
9.8 Mar 01

SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service. Rated critica

CVE-2021-35222 CRITICAL
9.6 Aug 31

This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Executio

CVE-2020-13169 CRITICAL
9.0 Sep 17

Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and p

CVE-2022-36964 HIGH
8.8 Nov 29

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. Rated high severity (CVSS 8.8), this vulne

CVE-2022-36960 HIGH
8.8 Nov 29

SolarWinds Platform was susceptible to Improper Input Validation. Rated high severity (CVSS 8.8), this vulnerability is

CVE-2022-36958 HIGH
8.8 Oct 20

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. Rated high severity (CVSS 8.8), this vulne

CVE-2022-36961 HIGH
8.8 Sep 30

A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this

CVE-2021-35234 HIGH
8.8 Dec 20

Numerous exposed dangerous functions within Orion Core has allows for read-only SQL injection leading to privileged esca

Share

CVE-2023-23840 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy