[VS-2019-001] SolarWinds Orion NPM Remote Code Execution
SolarWinds Orion NPM 12.3.5200.0
SolarWinds Orion NPM suffers from a SYSTEM remote code execution vulnerability in the "OrionModuleEngine" service. This service establishes an NetTcpBinding endpoint that allows remote, unauthenticated clients to connect and call publicly exposed methods. The "InvokeActionMethod" method may be abused by an attacker to execute commands as the SYSTEM user.
Thanks to SolarWinds' prompt response, a fix is available in the 12.4 release.
- 10-01-2018 - Disclosed to Vendor
- 10-02-2018 - Response from Vendor
- 10-08-2018 - Coordination of Patch and Disclosure with Vendor
- 12-04-2018 - Verified patch in 12.4 release
Fabius Watson of VerSprite Security