Detections
Analytics

SolarWinds Orion NPM < 10.7 Multiple Vulnerabilities

medium Nessus Plugin ID 73963

Language:

Synopsis

The remote web server hosts a web application affected by multiple vulnerabilities.

Description

The remote web server hosts a version of SolarWinds Orion NPM prior to version 10.7. It is, therefore, affected by the following vulnerabilities :

 - A flaw exists in the 'wpdlx' ActiveX control where the application fails to validate file types when loading or saving images. This can allow a context-dependent attacker to execute arbitrary code. (ZDI-14-064)

 - A flaw exists in the 'C1Chart3D8' ActiveX control when handling an OC3 file with the LoadURL method. This can allow a context-dependent attacker to execute arbitrary code. (ZDI-14-065)

 - A stack-based buffer overflow flaw exists in the 'Apex' ActiveX control where user input is not validated. This can allow a context-dependent attacker to cause a denial of service or execute arbitrary code. (ZDI-14-066)

 - A flaw exists in the 'VSReport' ActiveX control that can allow a remote attacker to execute arbitrary code.
 (ZDI-14-067)

 - A path traversal flaw exists in the 'FSMWebService' where the 'DownloadFileServlet' does not properly sanitize user input. This can allow a remote attacker, using a specially crafted request, to access arbitrary files. (ZDI-14-068)

 - A heap buffer overflow flaw exists due to user supplied input not being validated when handling the 'PEstrarg1' property. This can allow a context-dependent attacker to cause a denial of service or execute arbitrary code.
 (ZDI-14-115)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to SolarWinds Orion NPM 10.7 or later.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-14-064/

https://www.zerodayinitiative.com/advisories/ZDI-14-065/

https://www.zerodayinitiative.com/advisories/ZDI-14-066/

https://www.zerodayinitiative.com/advisories/ZDI-14-067/

https://www.zerodayinitiative.com/advisories/ZDI-14-068/

https://www.zerodayinitiative.com/advisories/ZDI-14-115/

http://www.nessus.org/u?ea627d5d

Plugin Details

Severity: Medium

ID: 73963

File Name: solarwinds_orion_npm_10_7.nasl

Version: 1.9

Type: remote

Family: CGI abuses

Published: 5/12/2014

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:solarwinds:orion_network_performance_monitor

Required KB Items: installed_sw/SolarWinds Orion Core

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 4/8/2014

Vulnerability Publication Date: 4/8/2014

Exploitable With

Core Impact

Reference Information

CVE: CVE-2014-3459

BID: 66741, 67048