An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo configuration has incorrect access control because the nable web user account is effectively able to run arbitrary OS commands as root (i.e., the use of root privileges is not limited to specific programs listed in the sudoers file).
References
Link | Resource |
---|---|
https://ernw.de/en/publications.html | Third Party Advisory |
https://insinuator.net/2020/12/security-advisories-for-solarwinds-n-central/ | Third Party Advisory |
https://support.solarwinds.com/SuccessCenter/s/ | Vendor Advisory |
https://ernw.de/en/publications.html | Third Party Advisory |
https://insinuator.net/2020/12/security-advisories-for-solarwinds-n-central/ | Third Party Advisory |
https://support.solarwinds.com/SuccessCenter/s/ | Vendor Advisory |
Configurations
History
21 Nov 2024, 05:18
Type | Values Removed | Values Added |
---|---|---|
References | () https://ernw.de/en/publications.html - Third Party Advisory | |
References | () https://insinuator.net/2020/12/security-advisories-for-solarwinds-n-central/ - Third Party Advisory | |
References | () https://support.solarwinds.com/SuccessCenter/s/ - Vendor Advisory |
Information
Published : 2020-12-16 14:15
Updated : 2024-11-21 05:18
NVD link : CVE-2020-25618
Mitre link : CVE-2020-25618
CVE.ORG link : CVE-2020-25618
JSON object : View
Products Affected
solarwinds
- n-central
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')