CVE-2020-25618

An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo configuration has incorrect access control because the nable web user account is effectively able to run arbitrary OS commands as root (i.e., the use of root privileges is not limited to specific programs listed in the sudoers file).
Configurations

Configuration 1 (hide)

cpe:2.3:a:solarwinds:n-central:12.3.0.670:*:*:*:*:*:*:*

History

21 Nov 2024, 05:18

Type Values Removed Values Added
References () https://ernw.de/en/publications.html - Third Party Advisory () https://ernw.de/en/publications.html - Third Party Advisory
References () https://insinuator.net/2020/12/security-advisories-for-solarwinds-n-central/ - Third Party Advisory () https://insinuator.net/2020/12/security-advisories-for-solarwinds-n-central/ - Third Party Advisory
References () https://support.solarwinds.com/SuccessCenter/s/ - Vendor Advisory () https://support.solarwinds.com/SuccessCenter/s/ - Vendor Advisory

Information

Published : 2020-12-16 14:15

Updated : 2024-11-21 05:18


NVD link : CVE-2020-25618

Mitre link : CVE-2020-25618

CVE.ORG link : CVE-2020-25618


JSON object : View

Products Affected

solarwinds

  • n-central
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')