SolarWinds Log and Event Manager < 6.2.0 Multiple Remote Command Execution Vulnerabilities

high Nessus Plugin ID 86425

Synopsis

The remote web application is affected by multiple remote command execution vulnerabilities.

Description

According to its self-reported version number, the SolarWinds Log and Event Manager installed on the remote host is prior to version 6.2.0. It is, therefore, affected by multiple vulnerabilities:

- A flaw exists in the messagebroker/nonsecurestreamingamf service when using the traceroute functionality. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary commands on managed hosts using the LEM agent connected to the Log and Event Manager. (CVE-2015-7839)

- A flaw exists in the command line management console (CMC) related to the Ping feature. A remote attacker can exploit this, by using specially crafted text in response to the prompts, to open a bash shell, thus allowing the execution of arbitrary commands. (CVE-2015-7840)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to SolarWinds Log and Event Manager version 6.2.0 or later.

See Also

http://www.nessus.org/u?75e67f7f

http://www.nessus.org/u?244c12ad

Plugin Details

Severity: High

ID: 86425

File Name: solarwinds_lem_6_2_0.nasl

Version: 1.8

Type: remote

Family: CGI abuses

Published: 10/19/2015

Updated: 1/19/2021

Dependencies: solarwinds_lem_detect.nbin

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:solarwinds:log_and_event_manager

Required KB Items: installed_sw/SolarWinds Log and Event Manager

Exploit Ease: No exploit is required

Patch Publication Date: 9/1/2015

Vulnerability Publication Date: 9/1/2015

Reference Information

CVE: CVE-2015-7839, CVE-2015-7840

BID: 77016, 77118