Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-9566

Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) before 2.2, and possibly other Solarwinds products, allow remote authenticated users to execute arbitrary SQL commands via the (1) dir or (2) sort parameter to the (a) GetAccounts or (b) GetAccountGroups endpoint.

Published

2015-03-10T14:59:02.757

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	solarwinds	orion_ip_address_manager	≤ 4.2	Yes
Application	solarwinds	orion_netflow_traffic_analyzer	≤ 4.0	Yes
Application	solarwinds	orion_network_configuration_manager	≤ 7.3.1	Yes
Application	solarwinds	orion_network_performance_monitor	≤ 11.4	Yes
Application	solarwinds	orion_server_and_application_manager	≤ 6.1	Yes
Application	solarwinds	orion_user_device_tracker	≤ 3.1	Yes
Application	solarwinds	orion_voip_\&_network_quality_manager	≤ 4.1	Yes
Application	solarwinds	orion_web_performance_monitor	≤ 2.1	Yes

References

http://osvdb.org/show/osvdb/118746 ([email protected])
http://packetstormsecurity.com/files/130637/Solarwinds-Orion-Service-SQL-Injection.html Exploit ([email protected])
http://seclists.org/fulldisclosure/2015/Mar/18 Exploit ([email protected])
http://volatile-minds.blogspot.com/2015/02/authenticated-stacked-sql-injection-in.html Exploit ([email protected])
http://www.exploit-db.com/exploits/36262 Exploit ([email protected])
http://www.solarwinds.com/documentation/orion/docs/releasenotes/releasenotes.htm Vendor Advisory ([email protected])
https://github.com/rapid7/metasploit-framework/pull/4836 ([email protected])
http://osvdb.org/show/osvdb/118746 (af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/130637/Solarwinds-Orion-Service-SQL-Injection.html Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2015/Mar/18 Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://volatile-minds.blogspot.com/2015/02/authenticated-stacked-sql-injection-in.html Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/36262 Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.solarwinds.com/documentation/orion/docs/releasenotes/releasenotes.htm Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/rapid7/metasploit-framework/pull/4836 (af854a3a-2127-422b-91ae-364da2661108)