A user could inject commands into the server and execute arbitrary code as the root user. An attacker could exploit this to obtain access to critical systems or devices, or even hijack the session of a logged-in user. This is a critical issue, as it is possible to create a malicious profile on any SolarWinds system and inject commands, leading to a wide range of potential threats.

SolarWinds recommends the following actions:

Users are encouraged to update to version 6.10.7181 or higher.

Users are encouraged to change the default server password for network_test.php.

Users are encouraged to disable the “Run Profile Tests” functionality, as this functionality is vulnerable to command injection.

Users are encouraged to change the default password for the “admin” user.
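While the update and the other actions above are being rolled out, web access logs can be reviewed for requests to network_test.php that carry shell metacharacters. The following sketch is an added example, not SolarWinds code and not part of the original advisory; the log lines, the `target` parameter name and the addresses are constructed, since the page does not name the vulnerable parameter.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed access-log lines (combined log format). The "target" parameter
# name, addresses and values are assumptions made up for this example.
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Nov/2022:04:20:11 +0000] "GET /network_test.php?target=192.0.2.1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [17/Nov/2022:04:21:40 +0000] "GET /network_test.php?target=192.0.2.1%3Bid HTTP/1.1" 200 734',
    '198.51.100.7 - - [17/Nov/2022:04:21:52 +0000] "GET /network_test.php?target=%2560uname%2560 HTTP/1.1" 200 120',
    '203.0.113.5 - - [17/Nov/2022:04:25:03 +0000] "GET /index.php?q=a%3Bb HTTP/1.1" 200 100',
    'truncated line without a request field',
]

ENDPOINT = "/network_test.php"
# Characters a shell treats as separators, substitutions or redirections.
SHELL_META = re.compile(r"[;&|`$<>\r\n]")
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3}')


def suspicious_requests(lines):
    """Return (client, parameter, decoded value) for each flagged parameter."""
    findings = []
    for line in lines:
        match = REQUEST.match(line)
        if not match:
            continue  # skip lines that are not parseable requests
        client, target = match.groups()
        url = urlsplit(target)
        if not url.path.endswith(ENDPOINT):
            continue
        # parse_qsl percent-decodes once; decode a second time as well so
        # double-encoded metacharacters (%2560 -> %60 -> `) are caught.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            for candidate in (value, unquote_plus(value)):
                if SHELL_META.search(candidate):
                    findings.append((client, name, candidate))
                    break
    return findings


if __name__ == "__main__":
    for client, name, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} sent {name}={value!r} to {ENDPOINT}")
```

Access logs normally record only the request line, so parameters sent in a POST body need application or WAF logging to be reviewed the same way.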

How each company will provide assistance to its users


SolarWinds: The company will provide a manual of best practices to prevent the attack (https://support.solarwinds.com/hc/en-us/articles/36000764108). They will also release an update that fixes the vulnerability and removes the functionality that is vulnerable to command injection (https://www.solarwinds.com/blog/update-for-critical-vulnerability-in-network_test.php).

Other Important Information

The CVE-2022-40881 vulnerability has been fixed with SolarWinds version 6.10.7181 and higher.

SolarWinds Products Affected by This Vulnerability

This vulnerability affects the following products:
SolarWinds Network Performance Monitor
SolarWinds Server & Application Monitor

Timeline

Published on: 11/17/2022 04:15:00 UTC
Last modified on: 11/18/2022 18:54:00 UTC

References