SolarWinds Storage Manager < 5.7.2 Remote Code Execution

Critical Nessus Plugin ID 77504


Synopsis

The remote host is running a web application affected by a remote code execution vulnerability.

Description

The remote host is running a version of SolarWinds Storage Manager prior to 5.7.2. It is, therefore, affected by a remote code execution vulnerability due to a flaw in the 'AuthenticationFilter' class. A remote, unauthenticated attacker can exploit this vulnerability to upload malicious scripts which can then execute arbitrary code as the user 'SYSTEM'.

Solution

Upgrade to SolarWinds Storage Manager version 5.7.2 or later.

Plugin Details

Severity: Critical

ID: 77504

File Name: solarwinds_storage_manager_5_7_2.nasl

Version: 1.7

Type: local

Agent: windows

Family: Windows

Published: 2014/09/03

Modified: 2017/01/30

Dependencies: 77503

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:solarwinds:storage_manager

Required KB Items: installed_sw/SolarWinds Storage Manager

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/08/19

Vulnerability Publication Date: 2014/08/27

Exploitable With

Elliot (Solarwinds Storage Manager ProcessFileUpload.jsp File Upload)

Reference Information

BID: 69438

OSVDB: 110483