SolarWinds Storage Resource Monitor Profiler < 6.2.3 Hotfix 1 RulesMetaData SQLi RCE

critical Nessus Plugin ID 91917

Synopsis

A web application running on the remote host is affected by a remote code execution vulnerability.

Description

The version of SolarWinds Storage Resource Monitor (SRM) Profiler (formerly SolarWinds Storage Manager) running on the remote host is prior to 6.2.3 Hotfix 1. It is, therefore, affected by a remote code execution vulnerability in ScriptServlet due to a failure to sanitize user-supplied input to the addNewRule() method of RulesMetaData. An unauthenticated, remote attacker can exploit this, via SQL injection, to disclose or manipulate arbitrary data in the back-end database or to execute arbitrary code with SYSTEM privileges.

Solution

Upgrade to SolarWinds SRM Profiler version 6.2.3 Hotfix 1 or later.

See Also

http://www.nessus.org/u?799b97fc

https://www.zerodayinitiative.com/advisories/ZDI-16-374/

Plugin Details

Severity: Critical

ID: 91917

File Name: solarwinds_srm_profiler_6_2_3_hotfix_1.nasl

Version: 1.7

Type: local

Agent: windows

Family: Windows

Published: 7/4/2016

Updated: 6/3/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:solarwinds:storage_manager, cpe:/a:solarwinds:storage_resource_monitor

Required KB Items: installed_sw/SolarWinds Storage Manager

Patch Publication Date: 6/10/2016

Vulnerability Publication Date: 6/10/2016

Reference Information

IAVA: 2016-A-0166-S

ZDI: ZDI-16-374